CVE-2024-50182: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50182 affects the Linux kernel's secretmem functionality, specifically the memfd_secret() system call. The vulnerability was discovered in October 2024 and affects Linux kernel versions from 5.14 up to (excluding) 6.11.4. The issue occurs when the architecture cannot properly set the direct map, particularly on certain arm64 configurations (Kernel Patch).

The vulnerability exists in the memfd_secret() system call implementation where set_direct_map_invalid_noflush() returns success (0) instead of an error on arm64 systems with !can_set_direct_map(). This occurs specifically on arm64 configurations where marking 4k PTEs in the direct map as not present can only be done if the direct map is set up at 4k granularity, due to ARM's break-before-make semantics limitations. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability results in a silent failure where the memfd_secret() syscall appears to work successfully (syscall succeeds, and users can mmap the fd and fault in pages), but fails to achieve its security goal of removing memory from the direct map. This affects systems where can_set_direct_map() returns false, specifically arm64 systems with CONFIG_RODATA_FULL_DEFAULT_ENABLED=n, CONFIG_DEBUG_PAGEALLOC=n, and CONFIG_KFENCE=n (Kernel Patch).

The vulnerability has been patched by modifying the memfd_secret() syscall to return -ENOSYS when can_set_direct_map() returns false. The fix has been implemented across multiple kernel versions and is included in security updates for various distributions. For Ubuntu users, the fix is available in USN-7289-3 and USN-7310-1 (Ubuntu Notice).