PT-2025-40658 · Linux+2 · Linux Kernel+2

Published: 2025-10-04 · Updated: 2025-12-04 · CVE-2022-50471

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The gntdev driver in the Linux kernel did not correctly handle Virtual Memory Area (VMA) splitting in paravirtualized (PV) Xen domains. The issue occurred when a user process set up a gntdev mapping with two grant mappings (shared pages), unmapped one page, then the remaining page, and finally exited. This could lead to kernel log messages indicating a bad page map and a general protection fault within the affected Xen PV domain.

The root cause was the use of the map->vma field in the gntdev grant map structure, which became inaccurate once the VMA was split. The fix removes reliance on map->vma and uses map->pages_vm_start and (map->count << PAGE_SHIFT) as the original address and size of the mapping. Additionally, the MMU notifier removal was moved to the end of gntdev_put_map, and an atomic counter was implemented to prevent re-use of gntdev mappings over the same address range. This prevents a scenario where a user process could map shared pages over a previously established mapping, potentially triggering a general protection fault in the Xen domain.
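
The range arithmetic behind the fix, as an added userspace model (not the kernel's code and not part of the original advisory). The struct layouts, function names and the way the cached VMA ends up covering only the second page are assumptions made for illustration; only map->vma, map->pages_vm_start, map->count and PAGE_SHIFT come from the description above.

```c
#include <stdbool.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE (1UL << PAGE_SHIFT)

/* Simplified userspace stand-ins (assumption), not the kernel's structures. */
struct vma { unsigned long vm_start, vm_end; };
struct grant_map {
    struct vma *vma;              /* cached pointer the old code relied on */
    unsigned long pages_vm_start; /* address of the first granted page */
    unsigned long count;          /* number of granted pages */
};

/* Old approach: grant index of the first invalidated page, derived from the
 * cached VMA. Returns -1 if the range appears not to touch the mapping. */
long index_via_vma(const struct grant_map *m, unsigned long start, unsigned long end)
{
    if (!m->vma || m->vma->vm_start >= end || m->vma->vm_end <= start)
        return -1;
    unsigned long mstart = start > m->vma->vm_start ? start : m->vma->vm_start;
    return (long)((mstart - m->vma->vm_start) >> PAGE_SHIFT);
}

/* Fixed approach: original base and size, which a VMA split cannot change. */
long index_via_pages(const struct grant_map *m, unsigned long start, unsigned long end)
{
    unsigned long map_start = m->pages_vm_start;
    unsigned long map_end = map_start + (m->count << PAGE_SHIFT);
    if (map_start >= end || map_end <= start)
        return -1;
    unsigned long mstart = start > map_start ? start : map_start;
    return (long)((mstart - map_start) >> PAGE_SHIFT);
}

/* Constructed scenario: two granted pages; the first page is unmapped, so the
 * cached VMA now covers only the second page, which is then invalidated. */
long demo(bool use_vma)
{
    unsigned long base = 0x10000000UL; /* constructed address */
    struct vma v = { base, base + 2 * PAGE_SIZE };
    struct grant_map m = { &v, base, 2 };
    v.vm_start += PAGE_SIZE; /* VMA shrinks; map bookkeeping is unchanged */
    unsigned long s = base + PAGE_SIZE, e = base + 2 * PAGE_SIZE;
    return use_vma ? index_via_vma(&m, s, e) : index_via_pages(&m, s, e);
}

int main(void)
{
    printf("via vma: %ld, via pages_vm_start: %ld\n", demo(true), demo(false));
    return 0;
}
```

In this model the VMA-based calculation selects grant index 0 for what is actually the second page, while the calculation based on the original base and count selects index 1.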

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2022-50471
SUSE-SU-2025:4111-1
SUSE-SU-2025:4139-1
SUSE-SU-2025:4149-1
SUSE-SU-2025:4320-1

Affected Products

Linux Kernel
Suse
Xen