687 matches found
Kernel: race condition leads to use after free during vma lock in lock_vma_under_rcu
...
CVE-2022-23091
A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to othe...
Code injection
A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to othe...
CVE-2022-23091 Memory disclosure by stale virtual memory mapping
A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to othe...
CVE-2022-23091
CVE-2022-23091 relates to FreeBSD: memory sharing in the virtual memory system mishandled, allowing an unprivileged local process to keep a page mapping after it is freed and read private data from other processes or the kernel. The advisory (FreeBSD-SA-22:11.vm) and VuXML entry describe the issu...
CVE-2023-33107
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call...
Memory corruption
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call...
CVE-2023-33107 Integer Overflow or Wraparound in Graphics Linux
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call...
kernel: drm/i915: Avoid potential vm use-after-free
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Avoid potential vm use-after-free. Adding the vm to the vm_xa table makes it visible to userspace, which could try to race with us to close the vm. So we need to take our extra reference before putting it in the table...
kernel: drm/amdkfd: Fix double release compute pasid
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix double release compute pasid. If kfd_process_device_init_vm returns failure after vm is converted to compute vm and vm->pasid set to compute pasid, KFD will not take pdd->drm_file reference. As a result, drm close file...
The vulnerability of the _bfd_vms_save_sized_string function in the vms-misc.c component of the GNU Binutils development environment allows an attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the _bfd_vms_save_sized_string function in the vms-misc.c component of the GNU Binutils development environment is related to reading data beyond the buffer’s allowed limits. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its...
SUSE CVE-2023-4611
A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak...
CVE-2023-4611
A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak...
kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry
A flaw was found in include/asm-generic/tlb.h in the Linux kernel due to a race condition (unmap_mapping_range versus munmap). This issue allows a device driver to free a page while it still has stale TLB entries...
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6249-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6249-1 advisory. Ruihan Li discovered that the memory management subsystem in the Linux kernel contained a race condition when accessing VMAs in certain conditions, leadi...
Distros-[dirtyvma] privilege escalation via non-rcu-protected vma traversal
...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl (CVE-2021-47634). In the Linux kernel, the following vulnerability has been resolved: Revert "Revert "block, bfq: honor already-setup queue merges""...
SUSE CVE-2023-3269
A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, a...