CVE-2022-50630

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/12/2025
Last modified:
08/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

mm: hugetlb: fix UAF in hugetlb_handle_userfault

The vma_lock and hugetlb_fault_mutex are dropped before handling userfault and reacquired after handle_userfault(), but reacquiring the vma_lock could lead to UAF[1,2] due to the following race:

    hugetlb_fault
    hugetlb_no_page
    /*unlock vma_lock */
    hugetlb_handle_userfault
    handle_userfault
    /* unlock mm->mmap_lock*/
    vm_mmap_pgoff
    do_mmap
    mmap_region
    munmap_vma_range
    /* clean old vma */
    /* lock vma_lock again

Impact