CVE-2022-48802

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.16.0-rc6-syzkaller

Description The vulnerability is related to the fs/proc component of the Linux kernel, specifically in the task mmu.c file. It is caused by a race condition that occurs when the MADV FREE system call is made while simultaneously reading the /proc/$PID/smaps file. This can lead to a BUG being triggered at include/linux/page-flags.h:785, resulting in an invalid opcode. The issue arises from the page mapcount function being called on a page that is not a tail page of a THP (Transparent Huge Page) anymore, after the MADV FREE call has split the THP. To fix this, a new parameter has been added to the smaps account function to indicate when an entry is a migration entry, allowing it to skip calling page mapcount in such cases.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, versions after 5.16.0-rc6-syzkaller should include the necessary patches. If updating is not immediately possible, consider applying the patch manually or using a kernel version that is known to have the fix. As a temporary workaround, consider avoiding the use of MADV FREE on partial THPs or limiting access to the /proc/$PID/smaps file to minimize the risk of triggering the race condition.