CVE-2024-50182: In the Linux kernel, the following vulnerability has been resolved: secretmem: disable memfd_secret() if arch cannot se
Summary
A Linux kernel vulnerability (CVE-2024-50182) affected memfd_secret(), a system call that creates secret memory regions whose pages are removed from the kernel's direct map (the kernel's linear mapping of physical memory). On some ARM64 systems, the call appeared to work but silently failed to hide the memory, defeating its security purpose. The fix makes memfd_secret() return an error code (-ENOSYS) on systems that cannot remove memory from the direct map, rather than silently failing.
Solution / Mitigation
The patch returns -ENOSYS from the memfd_secret() syscall if !can_set_direct_map(). This disables the syscall on ARM64 systems with certain configuration options disabled (CONFIG_RODATA_FULL_DEFAULT_ENABLED=n, CONFIG_DEBUG_PAGEALLOC=n, and CONFIG_KFENCE=n), where the operation cannot work correctly.
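What the fix means for callers, as an added example (not code from the kernel patch or from the original page): a C allocator for key material that treats -ENOSYS from memfd_secret() as "secret memory unavailable" and falls back to a locked, non-dumpable anonymous mapping. The names secret_alloc, classify_memfd_secret and enum secret_kind are hypothetical, and the fallback policy is an assumption.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_memfd_secret
#define SYS_memfd_secret 447 /* x86_64 and asm-generic (arm64) syscall number */
#endif

enum secret_kind { SECRET_MEMFD, SECRET_FALLBACK, SECRET_FAILED };

/* Hypothetical helper: what a memfd_secret() result means for the caller. */
static enum secret_kind classify_memfd_secret(int fd, int err)
{
    if (fd >= 0) return SECRET_MEMFD;           /* pages leave the direct map */
    if (err == ENOSYS) return SECRET_FALLBACK;  /* e.g. !can_set_direct_map() */
    return SECRET_FAILED;                       /* EMFILE, ENOMEM, ...: real error */
}

/* Map len bytes for key material; *kind reports the guarantee obtained. */
static void *secret_alloc(size_t len, enum secret_kind *kind)
{
    int fd = (int)syscall(SYS_memfd_secret, 0);
    void *p = MAP_FAILED;
    *kind = classify_memfd_secret(fd, errno);
    if (*kind == SECRET_MEMFD) {
        if (ftruncate(fd, (off_t)len) == 0)
            p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
        close(fd);
    } else if (*kind == SECRET_FALLBACK) {
        /* Weaker: locked, kept out of core dumps, but still in the direct map. */
        p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (p != MAP_FAILED && (mlock(p, len) || madvise(p, len, MADV_DONTDUMP))) {
            munmap(p, len);
            p = MAP_FAILED;
        }
    }
    if (p == MAP_FAILED) *kind = SECRET_FAILED;
    return p == MAP_FAILED ? NULL : p;
}

int main(void)
{
    enum secret_kind kind;
    void *p = secret_alloc(4096, &kind);
    printf("kind=%d ptr=%p\n", (int)kind, p);
    return p ? 0 : 1;
}
```

A SECRET_FALLBACK result is worth logging, since it tells the operator that the memory is not hidden from the kernel's direct map on that system.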
Vulnerability Details
5.5 (medium)
EPSS: 0.0%
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-50182
First tracked: February 15, 2026 at 08:35 PM
Classified by LLM (prompt v3) · confidence: 95%