CVE-2022-50630Race Condition in Linux

CWE-362Race Condition6 documents5 sources
Severity
7.8HIGH
No vector
EPSS
0.0%
top 89.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 8

Description

In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: fix UAF in hugetlb_handle_userfault The vma_lock and hugetlb_fault_mutex are dropped before handling userfault and reacquire them again after handle_userfault(), but reacquire the vma_lock could lead to UAF[1,2] due to the following race, hugetlb_fault hugetlb_no_page /*unlock vma_lock */ hugetlb_handle_userfault handle_userfault /* unlock mm->mmap_lock*/ vm_mmap_pgoff do_mmap mmap_region munmap_vma_range /* clea

Affected Packages4 packages

Linuxlinux/linux_kernel4.11.05.10.150+3
Debianlinux/linux_kernel< 5.10.158-1+3
CVEListV5linux/linux1a1aad8a9b7bd34f60cdf98cd7915f00ae892c4545c33966759ea1b4040c08dacda99ef623c0ca29+5
debiandebian/linux< linux 6.0.3-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2022-50630: In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: fix UAF in hugetlb_handle_userfault The vma_lock and hugetlb_fault_mu2025-12-08
GHSA
GHSA-h73p-49j7-j757: In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: fix UAF in hugetlb_handle_userfault The vma_lock and hugetlb_fault_2025-12-08
OSV
mm: hugetlb: fix UAF in hugetlb_handle_userfault2025-12-08

📋Vendor Advisories

2
Red Hat
kernel: mm: hugetlb: fix UAF in hugetlb_handle_userfault2025-12-08
Debian
CVE-2022-50630: linux - In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb...2022