CVE-2024-36881

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mm/userfaultfd: reset ptes when close() for wr-protected ones<br /> <br /> Userfaultfd unregister includes a step to remove wr-protect bits from all<br /> the relevant pgtable entries, but that only covered an explicit<br /> UFFDIO_UNREGISTER ioctl, not a close() on the userfaultfd itself. Cover<br /> that too. This fixes a WARN trace.<br /> <br /> The only user visible side effect is the user can observe leftover<br /> wr-protect bits even if the user close()ed on an userfaultfd when<br /> releasing the last reference of it. However hopefully that should be<br /> harmless, and nothing bad should happen even if so.<br /> <br /> This change is now more important after the recent page-table-check<br /> patch we merged in mm-unstable (446dd9ad37d0 ("mm/page_table_check:<br /> support userfault wr-protect entries")), as we&amp;#39;ll do sanity check on<br /> uffd-wp bits without vma context. So it&amp;#39;s better if we can 100%<br /> guarantee no uffd-wp bit leftovers, to make sure each report will be<br /> valid.