CVE-2021-47461: userfaultfd: fix a race between writeprotect and exit_mmap()
In the Linux kernel, the following vulnerability has been resolved:
userfaultfd: fix a race between writeprotect and exit_mmap()
A race is possible when a process exits, its VMAs are removed by exit_mmap() and at the same time userfaultfd_writeprotect() is called.
The race was detected by KASAN on a development kernel, but it appears to be possible on vanilla kernels as well.
Use mmget_not_zero() to prevent the race as done in other userfaultfd operations.
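The guard pattern named in the fix, shown as an added user-space C11 model (not kernel code and not taken from the patch): an operation pins the address space with an increment-if-not-zero before touching VMAs and backs off if the owner has already exited. The `model_*` names, the `vma_count` field and the `-ESRCH` return value are assumptions of this model.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>

/* User-space model; struct and function names are hypothetical stand-ins. */
struct model_mm {
    atomic_int users;   /* models the user count that pins the address space */
    int vma_count;      /* models the VMAs torn down at exit */
};

/* Take a reference only if the count is still non-zero (inc-not-zero). */
static bool model_mmget_not_zero(struct model_mm *mm)
{
    int old = atomic_load(&mm->users);
    while (old != 0) {
        /* On failure 'old' is reloaded, so a concurrent drop to 0 is seen. */
        if (atomic_compare_exchange_weak(&mm->users, &old, old + 1))
            return true;
    }
    return false;
}

/* Drop a reference; the last holder performs the teardown. */
static void model_mmput(struct model_mm *mm)
{
    if (atomic_fetch_sub(&mm->users, 1) == 1)
        mm->vma_count = 0;          /* models exit_mmap() removing VMAs */
}

/* Guarded operation: reads the VMAs only while holding a reference. */
static int model_writeprotect(struct model_mm *mm)
{
    int touched;

    if (!model_mmget_not_zero(mm))
        return -ESRCH;              /* owner already exited; do not touch VMAs */
    touched = mm->vma_count;        /* safe: teardown cannot start while pinned */
    model_mmput(mm);
    return touched;
}

/* Constructed scenario: one call while alive, one after the owner exits. */
static int model_demo(int *alive_result)
{
    struct model_mm mm = { .vma_count = 3 };
    atomic_init(&mm.users, 1);      /* owning process holds one reference */
    *alive_result = model_writeprotect(&mm);
    model_mmput(&mm);               /* process exit drops the last reference */
    return model_writeprotect(&mm);
}
```

Without the increment-if-not-zero check, the second call would read `vma_count` after teardown, which is the window the description attributes to the unguarded writeprotect path.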
Other sources
In the Linux kernel, the following vulnerability has been resolved:
userfaultfd: fix a race between writeprotect and exit_mmap()
The Linux kernel CVE team has assigned CVE-2021-47461 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024052225-CVE-2021-47461-a472@gregkh/T
— Red Hat
Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition between writeprotect and exit_mmap(). By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
— IBM
Frequently Asked Questions
What is the severity of CVE-2021-47461?
CVE-2021-47461 is classified with a medium severity due to its potential impact on system stability.
How do I fix CVE-2021-47461?
To fix CVE-2021-47461, update the kernel to version 5.10.76, 5.14.15, or 5.15.
What systems are affected by CVE-2021-47461?
CVE-2021-47461 affects various Linux kernel versions and IBM Security Verify Governance versions up to 10.0.2.
What specific issue does CVE-2021-47461 address?
CVE-2021-47461 addresses a race condition between userfaultfd_writeprotect() and exit_mmap() in the Linux kernel.
Is CVE-2021-47461 specific to certain distributions?
Yes, CVE-2021-47461 is primarily reported in Red Hat kernels and certain IBM security products.