CVE-2024-39497: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability was discovered in the Linux kernel's DRM (Direct Rendering Manager) subsystem, specifically in the drmgemshmemmmap function. The vulnerability (CVE-2024-39497) was disclosed on July 12, 2024, and affects all DRM drivers using default shmem helpers. The issue stems from a lack of check for copy-on-write (COW) mapping, which allows users to call mmap with PROTWRITE and MAP_PRIVATE flags (NVD).

The vulnerability occurs in the drmgemshmemmmap function where there is no validation for copy-on-write mapping. When users call mmap with PROTWRITE and MAPPRIVATE flags, it triggers a kernel panic due to a BUGON assertion in vmfinsertpfnprot: BUGON((vma->vmflags & VMPFNMAP) && iscowmapping(vma->vmflags)). The issue can be reproduced using a simple code example: void *ptr = mmap(0, size, PROTWRITE, MAPPRIVATE, fd, mmapoffset); ptr[0] = 0; (Kernel Commit).

When exploited, this vulnerability causes a kernel panic, leading to a system crash. This affects all DRM drivers that use default shmem helpers, potentially impacting a wide range of Linux systems using these graphics drivers (NVD).

The issue has been fixed by adding an early check for COW mapping in the drmgemshmem_mmap function, which returns -EINVAL if such mapping is detected. The fix has been implemented in various kernel versions, including Ubuntu 24.04 LTS (6.8.0-44.44), Ubuntu 22.04 LTS (5.15.0-133.144), and other distributions (Ubuntu Security).