ACK: [SRU][J:linux][PATCH 0/1] CVE-2024-46787
Edoardo Canepa
edoardo.canepa at canonical.com
Wed Jun 11 15:43:22 UTC 2025
Acked-by: Edoardo Canepa <edoardo.canepa at canonical.com>
On 04/06/25 16:29, Philip Cox wrote:
> CVE-2024-46787
>
> SRU Justification:
>
> [Impact]
> In the Linux kernel, the following vulnerability has been resolved:
> userfaultfd: fix checks for huge PMDs Patch series
> “userfaultfd: fix races around pmd_trans_huge() check”.
>
> The pmd_trans_huge() check is racy and can lead to a
> BUG_ON() (if you hit the right two race windows), or on older
> kernels (before 6.5), you’d just have to win a single fairly wide
> race to hit this.
>
>
> [Backport]
> Fixed in upstream commit 71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8
>
> The patch does not apply cleanly due to the fact that pmd_read_atomic()
> was renamed to pmdp_get_lockless() in upstream commit
> dab6e717429e5ec795d558a0e9a5337a1ed33a3d.
>
> I did not pick dab6e717429e as a prerequisite for this change
> because it does not apply cleanly either, and would require
> more changes to be picked, further increasing the regression risk.
>
> I strongly feel that it is much safer to resolve the cherry-pick merge
> conflict by renaming pmdp_get_lockless() to pmd_read_atomic()
> especially in the ESM kernels.
>
>
> [Test]
> compile and boot tested.
>
> [What could go wrong]
> The main risk would be that further cherry-picks may have merge
> conflicts due to the new changes, and may have incorrectly resolved
> merge conflicts. This should be minimal, and caught by code review,
> but the risk does exist due to the fact that this change has not
> been merged into the stable branches that these backports are
> targeting.
>
> --
>