CVE-2022-50630

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free issue within the hugetlb memory management subsystem, specifically in the hugetlb handle userfault function. The issue arises from dropping the vma lock and hugetlb fault mutex before handling a userfault and reacquiring them afterward. The reacquisition of the vma lock can lead to a use-after-free condition due to a race condition involving hugetlb fault, hugetlb no page, handle userfault, vm mmap pgoff, do mmap, mmap region, and munmap vma range. The vulnerability occurs when the vma lock is unlocked immediately after hugetlb handle userfault, creating a window where the memory it protects could be freed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.