OSG-SEC-2023-02-28 MEDIUM Linux kernel use-after-free in mm/mremap

Dear OSG Security Contacts,

A use-after-free flaw was found in the Linux kernel's mm/mremap memory address space accounting source code in how a race condition happens between rmap walk and mremap (CVE-2022-41222).[1]

IMPACTED VERSIONS:

Linux kernel versions before 5.13.3

The CVE doesn't specify the earliest version of the kernel impacted, but Red Hat indicates that only RHEL 8 based distributions are affected [1] and Ubuntu only indicates that 20.04.x LTS (focal) is affected.[2] All RHEL 8 derived distributions will also be impacted.

WHAT ARE THE VULNERABILITIES:

This flaw allows a local user to crash or potentially escalate their privileges on the system.[3]

WHAT YOU SHOULD DO:

The vulnerability is rated as difficult to exploit, and there are no proof of concept examples available at this time, so we're giving it a MEDIUM priority. Be aware of the issue and remember to apply updates to your Linux systems' kernel packages and reboot as a part of your regularly scheduled system maintenance practices.

REFERENCES

[1] https://access.redhat.com/security/cve/CVE-2022-41222

[2] https://ubuntu.com/security/CVE-2022-41222

[3] https://bugzilla.redhat.com/show_bug.cgi?id=2138818

Please contact the OSG security team at [email protected] if you have any questions or concerns. OSG Security Team