-
CVE-2022-50630
- EPSS 0.02%
- Veröffentlicht 08.12.2025 01:16:45
- Zuletzt bearbeitet 08.12.2025 18:26:19
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
In the Linux kernel, the following vulnerability has been resolved:
mm: hugetlb: fix UAF in hugetlb_handle_userfault
The vma_lock and hugetlb_fault_mutex are dropped before handling userfault
and reacquire them again after handle_userfault(), but reacquire the
vma_lock could lead to UAF[1,2] due to the following race,
hugetlb_fault
hugetlb_no_page
/*unlock vma_lock */
hugetlb_handle_userfault
handle_userfault
/* unlock mm->mmap_lock*/
vm_mmap_pgoff
do_mmap
mmap_region
munmap_vma_range
/* clean old vma */
/* lock vma_lock again <--- UAF */
/* unlock vma_lock */
Since the vma_lock will unlock immediately after
hugetlb_handle_userfault(), let's drop the unneeded lock and unlock in
hugetlb_handle_userfault() to fix the issue.
[1] https://lore.kernel.org/linux-mm/000000000000d5e00a05e834962e@google.com/
[2] https://lore.kernel.org/linux-mm/20220921014457.1668-1-liuzixian4@huawei.com/Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
45c33966759ea1b4040c08dacda99ef623c0ca29
Version
1a1aad8a9b7bd34f60cdf98cd7915f00ae892c45
Status
affected
Version <
0db2efb3bff879566f05341d94c3de00ac95c4cc
Version
1a1aad8a9b7bd34f60cdf98cd7915f00ae892c45
Status
affected
Version <
dd691973f67b2800a97db723b1ff6f07fdcf7f5a
Version
1a1aad8a9b7bd34f60cdf98cd7915f00ae892c45
Status
affected
Version <
78504bcedb2f1bbfb353b4d233c24d641c4dda33
Version
1a1aad8a9b7bd34f60cdf98cd7915f00ae892c45
Status
affected
Version <
958f32ce832ba781ac20e11bb2d12a9352ea28fc
Version
1a1aad8a9b7bd34f60cdf98cd7915f00ae892c45
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
4.11
Status
affected
Version <
4.11
Version
0
Status
unaffected
Version <=
5.10.*
Version
5.10.150
Status
unaffected
Version <=
5.15.*
Version
5.15.75
Status
unaffected
Version <=
5.19.*
Version
5.19.17
Status
unaffected
Version <=
6.0.*
Version
6.0.3
Status
unaffected
Version <=
*
Version
6.1
Status
unaffected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.038 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|