CVE-2024-47745: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-47745 is a security vulnerability discovered in the Linux kernel's remapfilepages syscall handler. The vulnerability was disclosed on October 21, 2024, affecting Linux kernel versions up to 6.6.54, from 6.7 to 6.10.13, and from 6.11 to 6.11.2. The issue stems from the remapfilepages syscall handler calling do_mmap() directly without proper LSM (Linux Security Module) security checks (NVD).

The vulnerability exists in the mm/mmap.c file where the remapfilepages syscall handler bypasses the LSM security check by directly calling dommap(). When a process calls personality(READIMPLIESEXEC) before invoking remapfile_pages() for RW pages, it results in remapping the pages to RWX, effectively bypassing the W^X policy enforced by SELinux. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability allows an attacker to bypass the W^X (Write XOR Execute) policy enforced by SELinux, potentially enabling the execution of malicious code in memory regions that should be write-only. This bypass is similar to CVE-2016-10044, which achieved the same effect via AIO (Kernel Patch).

The vulnerability has been patched by adding a securitymmapfile() LSM hook check in the remapfilepages syscall handler before calling do_mmap(). The fix has been implemented in various kernel versions through patches. Users are advised to upgrade to patched kernel versions (Kernel Patch).