
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability in the Linux kernel's userfaultfd subsystem has been identified and patched (CVE-2024-46787). The issue involves incorrect checks for huge PMDs (Page Middle Directory) in the mfill_atomic() function, which could lead to race conditions and potential system crashes. The vulnerability was discovered by Jann Horn and affects Linux kernel versions prior to the patch (Kernel Git).
The vulnerability stems from three distinct issues in the pmd_trans_huge() code within mfill_atomic(): 1) A race condition in the pmd_trans_huge() check that could trigger a BUG_ON() condition, 2) Insufficient detection of PMDs that don't point to page tables, including devmap PMDs and swap PMDs, and 3) Incorrect BUG_ON() checks in mfill_atomic() for shmem mappings on newer kernels (>=6.5). The issue is particularly severe on kernels <= 6.4, where racing migration against UFFDIO_ZEROPAGE could cause a kernel oops in ptlock_ptr() (Kernel Git).
The vulnerability could lead to kernel crashes (oops) and potential system instability. On older kernels (before 6.5), the bug could theoretically lead to accessing transhuge page contents as a page table under specific race conditions. Additionally, on kernels <= 6.4, the issue could result in the kernel attempting to take PTE locks on invalid addresses, potentially causing system crashes (Kernel Git).
The issue has been fixed through a patch that improves the checks for huge PMDs in the userfaultfd subsystem. The fix includes proper handling of PMD states and additional checks for various PMD types. Users should update their Linux kernel to a version containing the fix. The patch has been merged into the mainline kernel and is being backported to affected stable kernel versions (Ubuntu Security).
Source: This report was generated using AI