Bugzilla – Bug 1202013
VUL-0: CVE-2022-2590: kernel-source: fix FOLL_FORCE COW security issue and remove FOLL_COW
Last modified: 2024-04-19 11:32:49 UTC
Public on oss-security ML:

"Hi,

I found a security issue (CVE-2022-2590) in the Linux kernel similar to Dirty COW (CVE-2016-5195), however, restricted to shared memory (shmem / tmpfs). I notified distributions one week ago and the embargo ended today.

An unprivileged user can modify file content of a shmem (tmpfs) file, even if that user does not have write permissions to the file. The file could be an executable.

The introducing upstream commit ID is: 9ae0f87d009c ("mm/shmem: unconditionally set pte dirty in mfill_atomic_install_pte")

Linux >= v5.16 is affected on x86-64 and aarch64 if the kernel is compiled with CONFIG_USERFAULTFD=y.

For Linux < v5.19 it's sufficient to revert the problematic commit, which is possible with minor contextual conflicts. For Linux >= v5.19 I'll send a proposal fix today.

I have a working reproducer that I will post as reply to this mail in one week (August 15).

--
Thanks,
David / dhildenb"
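A triage check for the three conditions stated in the mail quoted above (architecture, Linux >= v5.16, CONFIG_USERFAULTFD=y), as an added example that is not part of the bug report or the oss-security mail. The function name, the return-code convention and the /boot/config-$(uname -r) location are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the bug report): compare a kernel with the three
# conditions the advisory lists. Return codes are this example's own convention:
#   0 = meets all three conditions, 1 = fails one, 2 = cannot be determined.
# A 0 is not proof of vulnerability: the version string cannot show whether a
# vendor kernel already carries the revert of 9ae0f87d009c.

# matches_advisory RELEASE ARCH CONFIG_FILE
matches_advisory() {
    release=$1; arch=$2; config=$3

    # Condition: x86-64 or aarch64 (as reported by `uname -m`).
    case "$arch" in
        x86_64|aarch64) ;;
        *) return 1 ;;
    esac

    # Condition: Linux >= v5.16. Drop any "-rc1"/"-default" style suffix first.
    ver=${release%%-*}
    case "$ver" in
        *.*) ;;
        *) return 2 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$major.$minor" in
        .*|*.|*[!0-9.]*) return 2 ;;   # empty or non-numeric component
    esac
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 16 ]; }; then
        return 1
    fi

    # Condition: built with CONFIG_USERFAULTFD=y.
    [ -r "$config" ] || return 2
    grep -q '^CONFIG_USERFAULTFD=y$' "$config" && return 0
    return 1
}

# Check the running kernel only when asked to: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    rc=0
    matches_advisory "$(uname -r)" "$(uname -m)" "/boot/config-$(uname -r)" || rc=$?
    case "$rc" in
        0) echo "meets the advisory's conditions; confirm patch status with the vendor" ;;
        1) echo "does not meet the advisory's conditions" ;;
        *) echo "undetermined: unparsable release or unreadable kernel config" ;;
    esac
fi
```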
closing, as we are not affected
a v2: https://lore.kernel.org/all/20220809205640.70916-1-david@redhat.com/
Pushed to stable, feel free to close as you wish.
done