Linux Kernel memfd_secret Memory Management Vulnerability Leading to Kernel Panic

Vulnerability

A vulnerability in the Linux kernel's handling of memfd_secret files can cause a kernel panic when ftruncate is used to grow the file. memfd_secret pages are deliberately removed from the kernel's direct map, so the address that page_address() returns for them cannot be dereferenced. The normal truncation path, which zeroes memory through that address, therefore fails and the kernel panics. The vulnerability affects Linux kernel versions prior to 5.17.0.

Impact

Exploitation of this vulnerability leads to a kernel panic, causing a system crash.

Reproduction

To reproduce this vulnerability, create a memfd_secret file and use ftruncate to give it an initial size. Map it, write data into it, and unmap it; then call ftruncate again with a larger size. This second, growing truncation reliably induces the kernel panic.

Remediation

Users can upgrade to Linux kernel version 5.17.0 or later, where this vulnerability has been addressed.
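As an added example (not part of this advisory), the following Python script screens a uname -r style release string against the 5.17.0 cut-off given above; the release-string pattern and the treatment of -rcN builds as pre-release are this script's own assumptions.

```python
"""Screen a kernel release string against the 5.17.0 cut-off in this advisory.

Added example, not part of the advisory or of the kernel sources. It only
compares version numbers: distribution kernels may carry backported fixes, so
a "predates fix" result is a prompt to check the vendor changelog, not proof
that the running kernel will panic.
"""
import platform
import re

# Fixed in 5.17.0 and later (from the advisory's Remediation section).
FIXED_IN = (5, 17, 0)

# Accepts uname -r style strings such as "5.15.0-91-generic", "5.17.0-rc3"
# or "6.1.0-18-amd64". The layout is this script's assumption.
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_release(release: str):
    """Return (major, minor, patch, rc); rc is None for a final release."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    major, minor, patch, rc = m.groups()
    return int(major), int(minor), int(patch or 0), (int(rc) if rc else None)


def predates_fix(release: str) -> bool:
    """True if the release is below 5.17.0.

    A release candidate of 5.17.0 ("5.17.0-rcN") predates the final 5.17.0
    and is therefore also reported as predating the fix.
    """
    major, minor, patch, rc = parse_release(release)
    version = (major, minor, patch)
    return version < FIXED_IN or (version == FIXED_IN and rc is not None)


def check_running_kernel() -> str:
    """One-line verdict for the kernel this script runs on."""
    release = platform.release()
    verdict = "predates the 5.17.0 fix" if predates_fix(release) else "is 5.17.0 or later"
    return f"kernel {release} {verdict}"


if __name__ == "__main__":
    print(check_running_kernel())
```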

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread:         9.0
impact:         2.5
exploitability: 4.3
remediation:    0.0
relevance:      0.0
threat:         4.8
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.