CVE-2024-46838: 
CBL Mariner vulnerability analysis and mitigation

CVE-2024-46838 affects the Linux kernel's userfaultfd functionality. The vulnerability was discovered and disclosed on September 27, 2024, impacting Linux kernel versions from 6.6 to 6.10.10 and various release candidates of version 6.11. The issue arises from incorrect BUG_ON() assertions in the userfaultfd code when khugepaged modifies page tables in file mappings (Kernel Patch).

The vulnerability stems from incorrect BUG_ON() assertions in the userfaultfd code that were incompatible with khugepaged's ability to retract page tables in file mappings without holding the mmap lock. The issue has a CVSS v3.1 base score of 5.5 (Medium) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access requirements and potential high impact on availability (NVD).

The vulnerability can lead to system crashes due to incorrect BUG_ON() assertions triggering when khugepaged modifies page tables in file mappings. This primarily affects system availability, with no direct impact on confidentiality or integrity (NVD).

The issue has been fixed in multiple Linux kernel versions, including 6.8.0-50.51 for Ubuntu 24.04 LTS and various other distribution-specific kernel versions. The fix involves removing the incorrect BUG_ON() assertions and adding proper handling for cases where khugepaged modifies page tables (Ubuntu, Kernel Patch).