CVE-2022-49080

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 26/02/2025
Last modified: 23/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

mm/mempolicy: fix mpol_new leak in shared_policy_replace

If mpol_new is allocated but not used in restart loop, mpol_new will be freed via mpol_put before returning to the caller. But refcnt is not initialized yet, so mpol_put could not do the right things and might leak the unused mpol_new. This would happen if mempolicy was updated on the shared shmem file while the sp->lock has been dropped during the memory allocation.

This issue could be triggered easily with the below code snippet if there are many processes doing the below work at the same time:

    shmid = shmget((key_t)5566, 1024 * PAGE_SIZE, 0666|IPC_CREAT);
    shm = shmat(shmid, 0, 0);
    loop many times {
        mbind(shm, 1024 * PAGE_SIZE, MPOL_LOCAL, mask, maxnode, 0);
        mbind(shm + 128 * PAGE_SIZE, 128 * PAGE_SIZE, MPOL_DEFAULT, mask,
              maxnode, 0);
    }
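The leak mechanism in the description (an object released through a refcounted put before its count was ever set) can be shown with a small userspace model. This is an added example, not kernel code and not part of the advisory: `struct policy`, `policy_alloc`, `policy_put` and `release_unused_spare` are hypothetical stand-ins, and the `0x5a` fill is a constructed substitute for stale slab memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical userspace stand-ins; not the kernel's structures or functions. */
struct policy { int refcnt; int mode; };
static int live_objects;            /* allocations not yet freed */

/* Models a slab allocation: the returned memory holds stale bytes, not zeros. */
static struct policy *policy_alloc(void)
{
    struct policy *p = malloc(sizeof(*p));
    if (!p) return NULL;
    memset(p, 0x5a, sizeof(*p));    /* constructed stale contents */
    live_objects++;
    return p;
}

/* Models a refcounted put: frees only when the count drops to zero. */
static void policy_put(struct policy *p)
{
    if (--p->refcnt != 0) return;   /* stale count never reaches zero */
    free(p);
    live_objects--;
}

/* A spare object is allocated but not consumed, then released via put.
 * init_refcnt = 0 models the leaking path; returns objects still allocated. */
static int release_unused_spare(int init_refcnt)
{
    struct policy *spare = policy_alloc();
    int leaked;
    if (!spare) return -1;
    if (init_refcnt)
        spare->refcnt = 1;          /* allocator holds the only reference */
    policy_put(spare);
    leaked = live_objects;
    if (leaked) {                   /* reclaim so the demo itself does not leak */
        free(spare);
        live_objects = 0;
    }
    return leaked;
}

int main(void)
{
    printf("refcnt uninitialised: %d leaked\n", release_unused_spare(0));
    printf("refcnt set to 1:      %d leaked\n", release_unused_spare(1));
    return 0;
}
```

On a real system the same pattern shows up as steadily growing slab usage for the affected cache, since every unused spare object stays allocated.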

Vulnerable products and versions

CPE                                                From                 Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       3.8.1 (including)    4.9.311 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       4.10 (including)     4.14.276 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       4.15 (including)     4.19.238 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       4.20 (including)     5.4.189 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       5.5 (including)      5.10.111 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       5.11 (including)     5.15.34 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       5.16 (including)     5.16.20 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       5.17 (including)     5.17.3 (excluding)
cpe:2.3:o:linux:linux_kernel:3.8:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.8:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.8:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.8:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.8:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.8:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.8:rc7:*:*:*:*:*:*