Description

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE Commit d7a08838ab74 ("mm: userfaultfd: fix unexpected change to src_folio when UFFDIO_MOVE fails") moved the src_folio->{mapping, index} changing to after clearing the page-table and ensuring that it's not pinned. This avoids failure of swapout+migration and possibly memory corruption. However, the commit missed fixing it in the huge-page case.

INFO

Published Date :

2024-05-01T05:29:08.528Z

Last Modified :

2025-11-04T17:16:42.236Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-27007 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-27007.

URL Resource
https://git.kernel.org/stable/c/c0205eaf3af9f5db14d4b5ee4abacf4a583c3c50 cve-icon cve-icon
https://git.kernel.org/stable/c/df5f6e683e7f21a15d8be6e7a0c7a46436963ebe cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/ cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/ cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/ cve-icon
https://lore.kernel.org/linux-cve-announce/2024050147-CVE-2024-27007-686b@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-27007 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-27007 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact