PT-2025-25916 · Linux · Linux Kernel
Published 2022-08-25 · Updated 2025-07-28
CVE-2022-49990
CVSS v3.1: 7.8 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A double free vulnerability in the Linux kernel on the s390 architecture occurs when the fork() system call fails after the initial task duplication and before copy_thread() is called. The guarded storage (GS) and runtime instrumentation (RI) control blocks are then freed twice, which can trigger a BUG_ON() in set_freepointer() or a KASAN splat, as observed when running trinity syscall fuzz tests on s390x. The root cause is that the pointers to these blocks are stored in the thread_struct of the associated task and are not cleared when fork() fails, so the parent and the partially created child task both reference the same blocks.
Recommendations
To resolve this issue, clear the associated pointer fields in arch_dup_task_struct() immediately after the new task is copied. Note that the RI flag is still cleared in copy_thread() because it resides in thread-stack memory.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
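As an added illustration (not code from this record or from the kernel itself), the following simplified C model shows why the shallow copy in arch_dup_task_struct() leads to a double free on the fork() failure path and how clearing the pointer fields right after the copy prevents it. The struct layouts, the tracked free() and release_thread_blocks() are assumptions standing in for the kernel's real structures and teardown path.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Simplified stand-ins for the s390 thread_struct fields involved (assumed layout). */
struct thread_struct { void *gs_cb; void *ri_cb; };
struct task_struct { int pid; struct thread_struct thread; };

/* Tracked free(): a second free of the same block is counted as a double free
 * instead of corrupting the heap, so the defect is observable and safe to run. */
static void *freed[8];
static int nfreed, double_frees;
static void tracked_free(void *p)
{
	if (!p)
		return;
	for (int i = 0; i < nfreed; i++)
		if (freed[i] == p) { double_frees++; return; }
	if (nfreed < 8)
		freed[nfreed++] = p;
	free(p);
}

/* Task teardown: releases the GS and RI control blocks (hypothetical name). */
static void release_thread_blocks(struct task_struct *t)
{
	tracked_free(t->thread.gs_cb); t->thread.gs_cb = NULL;
	tracked_free(t->thread.ri_cb); t->thread.ri_cb = NULL;
}

/* Shallow copy of the task. clear_fields == false: the child inherits the
 * parent's block pointers (the defect). true: the fix, clear them right after. */
static void arch_dup_task_struct(struct task_struct *dst, const struct task_struct *src, bool clear_fields)
{
	*dst = *src;
	if (clear_fields) { dst->thread.gs_cb = NULL; dst->thread.ri_cb = NULL; }
}

/* fork() failing between task duplication and copy_thread(): the half-built
 * child is torn down, then the parent exits. Returns the double frees seen. */
int simulate_fork_failure(bool fixed)
{
	struct task_struct parent = { .pid = 1 }, child;
	nfreed = 0; double_frees = 0;
	parent.thread.gs_cb = malloc(64);
	parent.thread.ri_cb = malloc(64);
	arch_dup_task_struct(&child, &parent, fixed);
	release_thread_blocks(&child);   /* error path: release the child */
	release_thread_blocks(&parent);  /* parent exit: frees the same blocks */
	return double_frees;             /* 2 when unfixed, 0 when fixed */
}
```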
Exploit
Buffer Overflow
Double Free
Affected Products
Astra Linux
Linux Kernel
Red Hat
Suse