Problem Description:
A particular case of memory sharing is mishandled in the virtual memory
system. It is possible and legal to establish a relationship where
multiple descendant processes share a mapping which shadows memory of an
ancestor process. In this scenario, when one process modifies memory
through such a mapping, the copy-on-write logic fails to invalidate
other mappings of the source page. These stale mappings may remain even
after the mapped pages have been reused for another purpose.
Impact:
An unprivileged local user process can maintain a mapping of a page
after it is freed, allowing that process to read private data belonging
to other processes or the kernel.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | freebsd-kernel | = 12.2 | UNKNOWN |
FreeBSD | any | noarch | freebsd-kernel | < 12.2_6 | UNKNOWN |
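
The affected range in the table can be checked against a host's kernel version string. The script below is an added example, not part of the advisory; it assumes that "12.2_6" corresponds to the string `12.2-RELEASE-p6` as printed by `freebsd-version -k`, and the function name `classify_kernel` is hypothetical.

```shell
#!/bin/sh
# Added example: classify a FreeBSD kernel version string against the
# affected range in the table above (freebsd-kernel 12.2, below 12.2_6).
# Assumption: "12.2_6" means patch level 6 of 12.2-RELEASE, written
# "12.2-RELEASE-p6" by `freebsd-version -k`.

FIXED_PATCH=6   # first patch level outside the affected range, from the table

# classify_kernel VERSION
# Prints "affected", "fixed", or "unknown" (version not covered by the table).
classify_kernel() {
    ver=$1
    case $ver in
        12.2-RELEASE)    patch=0 ;;                    # no -pN suffix: patch level 0
        12.2-RELEASE-p*) patch=${ver#12.2-RELEASE-p} ;;
        *)               echo unknown; return 0 ;;     # other releases and branches
    esac
    # Refuse to guess on an empty or non-numeric patch level.
    case $patch in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$patch" -lt "$FIXED_PATCH" ]; then
        echo affected
    else
        echo fixed
    fi
}

# Constructed sample strings, to show each outcome.
for sample in 12.2-RELEASE 12.2-RELEASE-p5 12.2-RELEASE-p6 12.2-STABLE; do
    echo "$sample: $(classify_kernel "$sample")"
done

# On a FreeBSD host, classify the installed kernel
# (-k reports the installed kernel, -r the running one).
if command -v freebsd-version >/dev/null 2>&1; then
    echo "installed kernel: $(classify_kernel "$(freebsd-version -k)")"
fi
```

A result of "unknown" means only that the table on this page does not list that version, not that the version is unaffected.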