[SRU Bionic 0/1] CVE-2022-41222
Cengiz Can
cengiz.can at canonical.com
Tue Nov 22 06:19:10 UTC 2022
[Impact]
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale
TLB because an rmap lock is not held during a PUD move.
[Fix]
This is a backport of a backport.
A single commit was backported as far as 5.4.y on stable. It didn't apply
cleanly on our tree so I had to do some adjustments.
[Test case]
Compile, boot and POC tested.
[Potential regression]
High. The fix removes a flag from the locking mechanism in the page table mover logic.
Aneesh Kumar K.V (1):
mm/mremap: hold the rmap lock in write mode when moving page table entries.
mm/mremap.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--
2.37.2