Description
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.
Related CPE's
o
linux
linux_kernel
o
debian
debian_linux
References
https://bugzilla.redhat.com/show_bug.cgi?id=2025726
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
https://www.debian.org/security/2022/dsa-5096
https://www.openwall.com/lists/oss-security/2021/11/25/1
https://www.oracle.com/security-alerts/cpujul2022.html
CVSS impact metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
4.4 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2022-03-03T22:15:08.527
3 years agoLast modified
2023-02-22T17:46:52.970
2 years ago