Description

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.

Related CPE's

o

linux

linux_kernel

4

o

debian

debian_linux

2

o

fedoraproject

fedora

35

Vulnerable

a

oracle

communications_cloud_native_core_binding_support_function

22.1.3

Vulnerable

a

oracle

communications_cloud_native_core_network_exposure_function

22.1.1

Vulnerable

a

oracle

communications_cloud_native_core_policy

22.2.0

Vulnerable

References

https://bugzilla.redhat.com/show_bug.cgi?id=2025726

Issue TrackingThird Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea

PatchVendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html

Mailing ListThird Party Advisory

https://www.debian.org/security/2022/dsa-5096

Third Party Advisory

https://www.openwall.com/lists/oss-security/2021/11/25/1

ExploitMailing ListThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

PatchThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-401

[email protected]

Secondary
CWE-459

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

4.4 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-03-03T22:15:08.527

3 years ago

Last modified

2023-02-22T17:46:52.970

2 years ago