Description
There are packages installed that are affected by a vulnerability referenced in the following CVE:
- In the Linux kernel, the following vulnerability has been resolved: kernel: be more careful about
dup_mmap() failures and uprobe registering If a memory allocation fails during dup_mmap(), the maple tree
can be left in an unsafe state for other iterators besides the exit path. All the locks are dropped before
the exit_mmap() call (in mm/mmap.c), but the incomplete mm_struct can be reached through (at least) the
rmap finding the vmas which have a pointer back to the mm_struct. Up to this point, there have been no
issues with being able to find an mm_struct that was only partially initialised. Syzbot was able to make
the incomplete mm_struct fail with recent forking changes, so it has been proven unsafe to use the
mm_struct that hasn't been initialised, as referenced in the link below. Although 8ac662f5da19f ("fork:
avoid inappropriate uprobe access to invalid mm") fixed the uprobe access, it does not completely remove
the race. This patch sets the MMF_OOM_SKIP to avoid the iteration of the vmas on the oom side (even though
this is extremely unlikely to be selected as an oom victim in the race window), and sets MMF_UNSTABLE to
avoid other potential users from using a partially initialised mm_struct. When registering vmas for
uprobe, skip the vmas in an mm that is marked unstable. Modifying a vma in an unstable mm may cause issues
if the mm isn't fully initialised. (CVE-2025-21709)
Plugin Details
Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 2/27/2025