What is CVE-2024-47745?

A high-severity vulnerability in the Linux kernel allows attackers to bypass SELinux's W^X policy, potentially leading to unauthorized access. Organizations must prioritize patching this vulnerability to mitigate risks effectively.

What is the severity of CVE-2024-47745?

CVE-2024-47745 has a severity rating of HIGH with a CVSS base score of 7.8.

CVE-2024-47745 | High Vulnerability in Linux Kernel

In the Linux kernel, a high-severity vulnerability has been identified that allows attackers to bypass the W^X policy enforced by SELinux. This vulnerability, tracked as CVE-2024-47745, exists in the remap_file_pages syscall handler, which directly calls do_mmap() without performing the necessary security checks. If a process has previously invoked personality(READ_IMPLIES_EXEC) and then calls remap_file_pages() for read-write pages, it can remap pages to RWX, effectively bypassing SELinux protections.

The vulnerability presents a significant risk to organizations as it could potentially allow attackers to execute arbitrary code with elevated privileges. This exploitation could lead to unauthorized access and manipulation of sensitive data. Given its high CVSS score of 7.8, organizations must address this vulnerability in their patch management processes.

Currently, there are no known public exploits or proof-of-concept code available for this vulnerability. However, the potential impact necessitates immediate attention from security teams to ensure systems are not left vulnerable.

Organizations should prioritize patching immediately. Regular vulnerability assessments and updates to the Linux kernel should be conducted to mitigate risks associated with this vulnerability.

Vulnerability Details

The vulnerability allows for the bypass of SELinux's W^X policy through the remap_file_pages syscall in the Linux kernel. This vulnerability is classified under CWE-670, indicating an improper enforcement of security policies.

The CVSS score of this vulnerability is 7.8, categorized as high severity. It is essential for organizations to understand the potential impacts on confidentiality, integrity, and availability associated with this vulnerability.

Technical Analysis

The root cause of this vulnerability stems from the remap_file_pages syscall handler's direct call to do_mmap(), which does not apply the required LSM security checks. If exploited, this vulnerability can allow an attacker to execute arbitrary code within the context of the affected process.

The attack vector is local, requiring the attacker to have local access to the system. The attack complexity is low, as the steps to exploit this vulnerability are straightforward for an attacker with local access. The privileges required to exploit this vulnerability are also low, further increasing its risk profile.

Risk & Impact Analysis

Risk to organizations includes significant potential for unauthorized code execution, leading to data breaches and compromised systems. The blast radius is substantial, as it affects all versions of the Linux kernel prior to the necessary patches.

Given the high CVSS score and the lack of known public exploits, organizations should prioritize addressing this vulnerability. The potential impacts on sensitive information and system integrity warrant immediate remediation efforts.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The vulnerability affects the following versions of the Linux kernel: all versions prior to 6.6.54, versions 6.7 to 6.10.12, and versions 6.11 to 6.11.2.

Mitigation & Remediation

Organizations should prioritize applying the latest patches provided by the Linux maintainers. The following patches have been issued to address this vulnerability:

For immediate security, organizations can also review their SELinux configurations to ensure proper W^X policy enforcement.

Continuous penetration testing can help identify potential weaknesses in the system.

Detection Guidance

Monitoring system logs for anomalies and unauthorized access patterns is essential. Security teams should look for unusual system calls, especially involving memory management functions.

AppSecure Threat Intelligence Insight

This vulnerability underscores the importance of maintaining robust security practices around system calls and memory management. Organizations can benefit from implementing a comprehensive vulnerability management program that includes regular updates and security assessments.

Additionally, organizations should consider adopting penetration testing methodologies to better understand the landscape of security vulnerabilities and how to mitigate them effectively.

Awareness and training around security best practices are crucial for reducing the risk associated with similar vulnerabilities in the future.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2024-47745: High Vulnerability in Linux Kernel