The userfaultfd() system call is a bit of a strange beast: it allows user space to take responsibility for handling page faults, which is normally a quintessential kernel task. It is thus perhaps not surprising that it has also turned out to be useful to those who would attack the kernel's security; the usual trick is to arrange for a fault on a user-space page while the kernel itself is accessing that memory, so that the attacker's fault handler can stall the kernel at a chosen point for as long as it likes and widen an otherwise narrow race window. A recent patch set from Daniel Colascione is small, but it makes a significant change that can help block at least one sort of attack using userfaultfd().
Source: LWN.net – [$] Blocking userfaultfd() kernel-fault handling