OSG-SEC-2023-02-28 MEDIUM Linux kernel use-after-free in mm/mremap
Dear OSG Security Contacts,
A use-after-free flaw was found in the Linux kernel's mm/mremap memory address space accounting source code in how a race condition happens between rmap walk and mremap (CVE-2022-41222).
Linux kernel versions before 5.13.3
The CVE doesn't specify the earliest version of the kernel impacted, but Red Hat indicates that only RHEL 8 based distributions are affected  and Ubuntu only indicates that 20.04.x LTS (focal) is affected. All RHEL 8 derived distributions will also be impacted.
WHAT ARE THE VULNERABILITIES:
This flaw allows a local user to crash or potentially escalate their privileges on the system.
WHAT YOU SHOULD DO:
The vulnerability is rated as difficult to exploit, and there are no proof of concept examples available at this time, so we're giving it a MEDIUM priority. Be aware of the issue and remember to apply updates to your Linux systems' kernel packages and reboot as a part of your regularly scheduled system maintenance practices.
Please contact the OSG security team at [email protected] if you have any questions or concerns. OSG Security Team