CVE-2022-50630
Published: Dec 8, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: fix UAF in hugetlb_handle_userfault The vma_lock and hugetlb_fault_mutex are dropped before handling userfault and reacquire them again after handle_userfault(), but reacquire the vma_lock could lead to UAF[1,2] due to the following race, hugetlb_fault hugetlb_no_page /*unlock vma_lock */ hugetlb_handle_userfault handle_userfault /* unlock mm->mmap_lock*/ vm_mmap_pgoff do_mmap mmap_region munmap_vma_range /* clean old vma */ /* lock vma_lock again <--- UAF */ /* unlock vma_lock */ Since the vma_lock will unlock immediately after hugetlb_handle_userfault(), let's drop the unneeded lock and unlock in hugetlb_handle_userfault() to fix the issue. [1] https://lore.kernel.org/linux-mm/[email protected]/ [2] https://lore.kernel.org/linux-mm/[email protected]/
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 1a1aad8a9b7bd34f60cdf98cd7915f00ae892c45 - < 45c33966759ea1b4040c08dacda99ef623c0ca29affected 1a1aad8a9b7bd34f60cdf98cd7915f00ae892c45 - < 0db2efb3bff879566f05341d94c3de00ac95c4ccaffected 1a1aad8a9b7bd34f60cdf98cd7915f00ae892c45 - < dd691973f67b2800a97db723b1ff6f07fdcf7f5aaffected 1a1aad8a9b7bd34f60cdf98cd7915f00ae892c45 - < 78504bcedb2f1bbfb353b4d233c24d641c4dda33affected 1a1aad8a9b7bd34f60cdf98cd7915f00ae892c45 - < 958f32ce832ba781ac20e11bb2d12a9352ea28fc |
Linux | Linux | affected 4.11unaffected 0 - < 4.11unaffected 5.10.150 - <= 5.10.*unaffected 5.15.75 - <= 5.15.*unaffected 5.19.17 - <= 5.19.*+2 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now