CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence: High
EPSS
Percentile: 9.5%
In the Linux kernel, a vulnerability was fixed by replacing pte_offset_map() with pte_offset_map_nolock() in the filemap_fault_recheck_pte_none() function. The original use of pte_offset_map() relied on a potentially stale page table lock (PTL), which could lead to a use-after-free (UAF) condition if the page table was modified after a pte_unmap() operation. The replacement function, pte_offset_map_nolock(), avoids this risk by not depending on the PTL, thus ensuring safer access to the page table and preventing potential security issues.
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.