CVE-2022-49171

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
26/02/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: don't BUG if someone dirty pages without asking ext4 first

[un]pin_user_pages_remote is dirtying pages without properly warning the file system in advance. A related race was noted by Jan Kara in 2018[1]; however, more recently instead of it being a very hard-to-hit race, it could be reliably triggered by process_vm_writev(2) which was discovered by Syzbot[2].

This is technically a bug in mm/gup.c, but arguably ext4 is fragile in that if some other kernel subsystem dirty pages without properly notifying the file system using page_mkwrite(), ext4 will BUG, while other file systems will not BUG (although data will still be lost).

So instead of crashing with a BUG, issue a warning (since there may be potential data loss) and just mark the page as clean to avoid unprivileged denial of service attacks until the problem can be properly fixed. More discussion and background can be found in the thread starting at [2].

[1] https://lore.kernel.org/linux-mm/20180103100430.GE4911@quack2.suse.cz
[2] https://lore.kernel.org/r/Yg0m6IjcNmfaSokM@google.com

Impact