Zhangpeng

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to the function `filemap fault recheck pte none()` in the Linux kernel's memory management subsystem. It involves a race condition that may lead to the reuse of previously freed memory, potentially allowing an attacker to impact the integrity of protected information. The problem arises because the `vmf->ptl` is still set from `handle pte fault()`, but at the same time, `pte unmap(vmf->pte)` is performed, which can cause the page table to be changed, making `vmf->ptl` fail to protect the actual page table. This might trigger a Use After Free (UAF) condition. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to the Linux kernel's TCP rx zerocopy functionality, which is intended to map pages initially allocated from NIC drivers, not pages owned by a file system. A patch has been added to include additional checks in the `can map frag()` function to prevent potential issues, such as panics reported by ZhangPeng. The vulnerability could be exploited by an attacker to cause a denial of service. Technical details about exploitation include the use of `sendfile()` to map pages owned by an ext4 file to TCP rx zerocopy. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.