CVE-2022-49080

{"id": "CVE-2022-49080", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:00:45.347", "references": [{"url": "https://git.kernel.org/stable/c/198932a14aeb19a15cf19e51e151d023bc4cd648", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/25f506273b6ae806fd46bfcb6fdaa5b9ec81a05b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/39a32f3c06f6d68a530bf9612afa19f50f12e93d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/4ad099559b00ac01c3726e5c95dc3108ef47d03e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5e16dc5378abd749a836daa9ee4ab2c8d2668999", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6e00309ac716fa8225f0cbde2cd9c24f0e74ee21", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8510c2346d9e47a72b7f018a36ef0c39483e53d6", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f7e183b0a7136b6dc9c7b9b2a85a608a8feba894", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fe39ac59dbbf893b73b24e3184161d0bd06d6651", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mempolicy: fix mpol_new leak in shared_policy_replace\n\nIf mpol_new is allocated but not used in restart loop, mpol_new will be\nfreed via mpol_put before returning to the caller. But refcnt is not\ninitialized yet, so mpol_put could not do the right things and might\nleak the unused mpol_new. This would happen if mempolicy was updated on\nthe shared shmem file while the sp->lock has been dropped during the\nmemory allocation.\n\nThis issue could be triggered easily with the below code snippet if\nthere are many processes doing the below work at the same time:\n\n shmid = shmget((key_t)5566, 1024 * PAGE_SIZE, 0666|IPC_CREAT);\n shm = shmat(shmid, 0, 0);\n loop many times {\n mbind(shm, 1024 * PAGE_SIZE, MPOL_LOCAL, mask, maxnode, 0);\n mbind(shm + 128 * PAGE_SIZE, 128 * PAGE_SIZE, MPOL_DEFAULT, mask,\n maxnode, 0);\n }"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/mempolicy: arregla la fuga de mpol_new en shared_policy_replace Si mpol_new se asigna pero no se usa en el bucle de reinicio, mpol_new se liberar\u00e1 a trav\u00e9s de mpol_put antes de regresar al llamador. Pero refcnt a\u00fan no se ha inicializado, por lo que mpol_put no podr\u00eda hacer las cosas correctas y podr\u00eda filtrar el mpol_new no utilizado. Esto suceder\u00eda si mempolicy se actualizara en el archivo shmem compartido mientras se eliminaba sp->lock durante la asignaci\u00f3n de memoria. Este problema se podr\u00eda activar f\u00e1cilmente con el siguiente fragmento de c\u00f3digo si hay muchos procesos haciendo el siguiente trabajo al mismo tiempo: shmid = shmget((key_t)5566, 1024 * PAGE_SIZE, 0666|IPC_CREAT); shm = shmat(shmid, 0, 0); repetir muchas veces { mbind(shm, 1024 * PAGE_SIZE, MPOL_LOCAL, mask, maxnode, 0); mbind(shm + 128 * PAGE_SIZE, 128 * PAGE_SIZE, MPOL_DEFAULT, mask, maxnode, 0); }"}], "lastModified": "2025-09-23T18:32:22.770", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C95B5F4F-421D-43B3-98BF-C395D41D59BC", "versionEndExcluding": "4.9.311", "versionStartIncluding": "3.8.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D9B028C-6313-47F9-94B7-5F8122345E49", "versionEndExcluding": "4.14.276", "versionStartIncluding": "4.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA28527A-11D3-41D2-9C4C-ECAC0D6A4A2D", "versionEndExcluding": "4.19.238", "versionStartIncluding": "4.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CB6E8F5-C2B1-46F3-A807-0F6104AC340F", "versionEndExcluding": "5.4.189", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96258501-7BCE-4C55-8A38-8AC9D327626D", "versionEndExcluding": "5.10.111", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D25878D3-7761-4E9F-8919-E92CD53896E0", "versionEndExcluding": "5.15.34", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABBBA66E-0244-4621-966B-9790AF1EEB00", "versionEndExcluding": "5.16.20", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE420AC7-1E59-4398-B84F-71F4B4337762", "versionEndExcluding": "5.17.3", "versionStartIncluding": "5.17"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.8:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEE536AD-20BA-4893-AF2B-B6CF446F5FB3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.8:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30456934-2CAE-4F0C-B361-4E2C10DE8DD8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.8:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E108893-AAAF-48F4-9376-71AC33C7A40E"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.8:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC348729-8654-4178-851F-5C4BE4B5C806"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.8:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A29F057-1966-4A35-83AE-844FF160388B"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.8:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC426C5C-DA23-494D-888F-4E3712EBA3E2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.8:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70810C1C-2B24-47DF-9357-E9D755D1BE99"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AD94161-84BB-42E6-9882-4FC0C42E9FC1"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}