CVE-2024-41027

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-41027
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-41027.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-41027
Downstream
Published
2024-07-29T14:31:43.859Z
Modified
2026-05-15T11:53:09.090799605Z
Summary
Fix userfaultfd_api to return EINVAL as expected
Details

In the Linux kernel, the following vulnerability has been resolved:

Fix userfaultfd_api to return EINVAL as expected

Currently if we request a feature that is not set in the Kernel config we fail silently and return all the available features. However, the man page indicates we should return an EINVAL.

We need to fix this issue since we can end up with a Kernel warning should a program request the feature UFFDFEATUREWP_UNPOPULATED on a kernel with the config not set with this feature.

[ 200.812896] WARNING: CPU: 91 PID: 13634 at mm/memory.c:1660 zappterange+0x43d/0x660 [ 200.820738] Modules linked in: [ 200.869387] CPU: 91 PID: 13634 Comm: userfaultfd Kdump: loaded Not tainted 6.9.0-rc5+ #8 [ 200.877477] Hardware name: Dell Inc. PowerEdge R6525/0N7YGH, BIOS 2.7.3 03/30/2022 [ 200.885052] RIP: 0010:zappterange+0x43d/0x660

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41027.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.7.0
Fixed
5.15.163
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.100
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.41
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.9.10

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-41027.json"