Linux Kernel FOLL_FORCE COW Vulnerability Allowing Unprivileged User Space Modifications

A vulnerability in the Linux kernel's memory management can allow unprivileged user space to modify content in tmpfs or shmem files without proper permissions. This issue arises from the FOLL_FORCE flag, which can be exploited to bypass write protections on shared pages. The vulnerability affects x86_64 and aarch64 architectures, specifically in kernels version 5.19 and later, due to the introduction of extended userfaultfd support.

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of tmpfs or shmem file contents, bypassing normal write permissions and memfd-write sealing, creating a potential for data corruption or unauthorized data manipulation.

Remediation

Users can upgrade to a patched version of the Linux kernel that addresses this vulnerability. For kernels prior to version 5.19, the problematic commit can be reverted to ensure safety regarding the userfaultfd continuation feature.