Linux Kernel Userfaultfd Write Protect Fork Vulnerability

A vulnerability in the Linux kernel's handling of userfaultfd write protect markers during the fork process has been addressed. This issue could lead to a child process reading a corrupted page, as the swap-in error marker was not properly persisted after fork(). The vulnerability arises because the destination virtual memory area (VMA) may not inherit the userfaultfd write protect marker from the source VMA, potentially allowing for the incorrect handling of page faults.

Impact

The vulnerability could cause a child process to read corrupted memory pages, leading to potential data integrity issues.

Reproduction

The vulnerability can be reproduced by forking a process that has a userfaultfd write protect marker in its virtual memory area. The child process may then read a corrupted page, demonstrating the flaw in how the kernel handles memory markers during the fork operation.