CVE-2024-47745 – This Linux kernel vulnerability allows local at... (How to Fix)

Q: What is the severity of CVE-2024-47745?

CVE-2024-47745 has a CVSS score of 7.8 (HIGH). This Linux kernel vulnerability allows local attackers to bypass SELinux W^X (Write XOR Execute) memory protection policies by using the remap_file_pages() system call with READ_IMPLIES_EXEC personality. It affects Linux systems with SELinux enforcing W^X policies, potentially enabling attackers to create executable memory regions that should be restricted.

📋 TL;DR

This Linux kernel vulnerability allows local attackers to bypass SELinux W^X (Write XOR Execute) memory protection policies by using the remap_file_pages() system call with READ_IMPLIES_EXEC personality. It affects Linux systems with SELinux enforcing W^X policies, potentially enabling attackers to create executable memory regions that should be restricted.

💻 Affected Systems

Products:

Linux Kernel

Versions: Versions before the fix commits (specific versions vary by distribution)

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when SELinux is enforcing W^X policies and READ_IMPLIES_EXEC personality is used. Most default configurations are not vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation allowing attackers to execute arbitrary code in kernel context, potentially leading to full system compromise.

🟠

Likely Case

Local attackers bypass memory protection policies to execute unauthorized code in user-space processes.

🟢

If Mitigated

Limited impact if SELinux W^X policies are not enforced or if the system is patched.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access.

🏢 Internal Only: MEDIUM - Malicious insiders or compromised local accounts could exploit this to bypass security controls.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Proof of concept code is provided in the CVE description. Exploitation requires local access and specific conditions (SELinux W^X policies + READ_IMPLIES_EXEC).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 0f910dbf2f2a4a7820ba4bac7b280f7108aa05b1, 3393fddbfa947c8e1fdcc4509226905ffffd8b89, 49d3a4ad57c57227c3b0fd6cd4188b2a5ebd6178, ce14f38d6ee9e88e37ec28427b4b93a7c33c70d3, ea7e2d5e49c05e5db1922387b09ca74aa40f46e2

Vendor Advisory: https://git.kernel.org/stable/c/0f910dbf2f2a4a7820ba4bac7b280f7108aa05b1

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable READ_IMPLIES_EXEC personality

linux

Prevent processes from using READ_IMPLIES_EXEC personality flag which is required for exploitation

sysctl -w kernel.personality_read_implies_exec=0

Disable SELinux W^X enforcement

linux

Temporarily disable W^X policy enforcement in SELinux (reduces security)

setsebool -P selinux_enforce_write_xor_exec 0

🧯 If You Can't Patch

Restrict local user access to minimize attack surface
Monitor for use of remap_file_pages() system call and READ_IMPLIES_EXEC personality

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions from your distribution. Also check if SELinux is enforcing W^X policies: getsebool selinux_enforce_write_xor_exec

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to patched version and test with provided PoC to ensure it no longer creates RWX pages

📡 Detection & Monitoring

Log Indicators:

Audit logs showing remap_file_pages() system calls with READ_IMPLIES_EXEC personality
SELinux denials for memory protection violations

Network Indicators:

None - this is a local vulnerability

SIEM Query:

process.name="test" AND syscall.name="remap_file_pages" OR syscall.name="personality" AND syscall.args="READ_IMPLIES_EXEC"

📊 Metadata

CVE ID: CVE-2024-47745

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-670

Published: October 21, 2024

Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-47745, you might also want to check these: