A memory leak flaw in the Linux kernel’s hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.
[
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "affects kernel v3.6 and later through v5.15.5."
}
]
}
]
bugzilla.redhat.com/show_bug.cgi?id=2025726
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890
lists.debian.org/debian-lts-announce/2022/03/msg00011.html
lists.debian.org/debian-lts-announce/2022/03/msg00012.html
www.debian.org/security/2022/dsa-5096
www.openwall.com/lists/oss-security/2021/11/25/1
www.oracle.com/security-alerts/cpujul2022.html