Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-39188
HistorySep 02, 2022 - 12:00 a.m.

CVE-2022-39188

2022-09-0200:00:00
ubuntu.com
ubuntu.com
30
linux kernel
tlb entries
race condition
device driver
page
stale
vm_pfnmap
backports
stable list
upstream
ubuntu kernel

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

14.2%

An issue was discovered in include/asm-generic/tlb.h in the Linux kernel
before 5.19. Because of a race condition (unmap_mapping_range versus
munmap), a device driver can free a page while it still has stale TLB
entries. This only occurs in situations with VM_PFNMAP VMAs.

Notes

Author Note
sbeattie for backports, see JannH’s post to the stable list
rodrigo-zaiden for 5.4 kernels, two follow up commits are needed. in upstream they are: b67fbebd4cf9 and b67fbebd4cf98, they were adjusted in ubuntu kernel to match the needs.
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-201.212UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-136.153UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-57.63UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1147.159UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1093.101UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1027.31UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1027.31~20.04.1UNKNOWN
ubuntu18.04noarchlinux-aws-5.4< 5.4.0-1093.102~18.04.2UNKNOWN
ubuntu20.04noarchlinux-azure< 5.4.0-1100.106UNKNOWN
ubuntu22.04noarchlinux-azure< 5.15.0-1030.37UNKNOWN
Rows per page:
1-10 of 551

References

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

14.2%