Your submission was sent successfully! Close

CVE-2022-41222

Published: 21 September 2022

mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.

From the Ubuntu Security Team

It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

Priority

High

CVSS 3 base score: 7.0

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.13.0-16.19)
focal
Released (5.4.0-132.148)
jammy Not vulnerable
(5.13.0-19.19)
kinetic Not vulnerable
(5.15.0-25.25)
trusty Not vulnerable
(3.11.0-12.19)
upstream
Released (5.14~rc1)
xenial Not vulnerable
(4.4.0-2.16)
Patches:
Introduced by

2c91bd4a4e2e530582d6fd643ea7b86b27907151

Fixed by 97113eb39fa7972722ff490b947d8af023e1f6a2
Introduced by

c49dd340180260c6239e453263a9a244da9a7c85

Fixed by 97113eb39fa7972722ff490b947d8af023e1f6a2
linux-aws
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1001.1)
focal
Released (5.4.0-1089.97)
jammy Not vulnerable
(5.13.0-1005.6)
kinetic Not vulnerable
(5.15.0-1004.6)
trusty Not vulnerable
(4.4.0-1002.2)
upstream
Released (5.14~rc1)
xenial Not vulnerable
(4.4.0-1001.10)
linux-aws-5.0
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-aws-5.3)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-aws-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-aws-5.13)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-aws-5.13)
xenial Does not exist

linux-aws-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-aws-5.15)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-aws-5.15)
xenial Does not exist

linux-aws-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.15.0-1014.18~20.04.1)
jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-aws-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-aws-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-aws-5.4)
xenial Does not exist

linux-aws-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-1089.97~18.04.1)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-aws-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-aws-5.11)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-aws-5.11)
xenial Does not exist

linux-aws-hwe
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Not vulnerable
(4.15.0-1030.31~16.04.1)
linux-azure
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-azure-5.3)
focal
Released (5.4.0-1095.101)
jammy Not vulnerable
(5.13.0-1006.7)
kinetic Not vulnerable
(5.15.0-1003.4)
trusty Not vulnerable
(4.15.0-1023.24~14.04.1)
upstream
Released (5.14~rc1)
xenial Not vulnerable
(4.11.0-1009.9)
linux-azure-4.15
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1082.92)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-azure-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-azure-5.13)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-azure-5.13)
xenial Does not exist

linux-azure-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-azure-5.15)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-azure-5.15)
xenial Does not exist

linux-azure-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.15.0-1007.8~20.04.1)
jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-azure-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-azure-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-azure-5.4)
xenial Does not exist

linux-azure-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-1095.101~18.04.1)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-azure-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-azure-5.11)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-azure-5.11)
xenial Does not exist

linux-azure-edge
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-azure-5.3)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-azure-fde
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.4.0-1095.101+cvm1.1)
jammy Not vulnerable
(5.13.0-1006.7)
trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-azure-fde-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.15.0-1019.24~20.04.1.1)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-bluefield
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.4.0-1050.56)
jammy Not vulnerable
(5.15.0-1009.11)
trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-dell300x
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1005.8)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-fips
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Does not exist

trusty Ignored
(out of standard support)
upstream
Released (5.14~rc1)
xenial Ignored
(out of standard support)
linux-gcp
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-gcp-5.3)
focal
Released (5.4.0-1093.102)
jammy Not vulnerable
(5.13.0-1005.6)
kinetic Not vulnerable
(5.15.0-1003.6)
trusty Does not exist

upstream
Released (5.14~rc1)
xenial Not vulnerable
(4.10.0-1004.4)
linux-gcp-4.15
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1071.81)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-gcp-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-gcp-5.13)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gcp-5.13)
xenial Does not exist

linux-gcp-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-gcp-5.15)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gcp-5.15)
xenial Does not exist

linux-gcp-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.15.0-1006.9~20.04.1)
jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-gcp-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-gcp-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gcp-5.4)
xenial Does not exist

linux-gcp-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-1093.102~18.04.1)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-gcp-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-gcp-5.11)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gcp-5.11)
xenial Does not exist

linux-gke
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.4.0-1087.94)
jammy Not vulnerable
(5.15.0-1002.2)
kinetic Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Needs triage

linux-gke-4.15
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-gke-5.0
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-gke-5.3)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-gke-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.15.0-1011.14~20.04.1)
jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-gke-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-gke-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-gke-5.4)
xenial Does not exist

linux-gke-5.4
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-gkeop
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.4.0-1057.61)
jammy Not vulnerable
(5.15.0-1001.2)
trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-gkeop-5.4
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-hwe
Launchpad, Ubuntu, Debian
bionic Ignored
(replaced by linux-hwe-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Not vulnerable
(4.8.0-39.42~16.04.1)
linux-hwe-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-hwe-5.13)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-hwe-5.13)
xenial Does not exist

linux-hwe-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-hwe-5.15)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-hwe-5.15)
xenial Does not exist

linux-hwe-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.15.0-33.34~20.04.1)
jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-hwe-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-132.148~18.04.1)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-hwe-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-hwe-5.11)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-hwe-5.11)
xenial Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-hwe-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Ignored
(superseded by linux-hwe)
linux-ibm
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.4.0-1037.42)
jammy Not vulnerable
(5.15.0-1002.2)
kinetic Not vulnerable
(5.15.0-1002.2)
trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-ibm-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-1037.42~18.04.1)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-intel-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(was needs-triage now end-of-life)
jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-intel-iotg
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Not vulnerable
(5.15.0-1004.6)
kinetic Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-intel-iotg-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.15.0-1003.5~20.04.1)
jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-kvm
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1002.2)
focal
Released (5.4.0-1079.85)
jammy Not vulnerable
(5.13.0-1004.4)
kinetic Not vulnerable
(5.15.0-1004.4)
trusty Does not exist

upstream
Released (5.14~rc1)
xenial Not vulnerable
(4.4.0-1004.9)
linux-lowlatency
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Not vulnerable
(5.15.0-22.22)
kinetic Not vulnerable
(5.15.0-24.24)
trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-lowlatency-hwe-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.15.0-33.34~20.04.1)
jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-lts-xenial
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Does not exist

trusty Not vulnerable
(4.4.0-13.29~14.04.1)
upstream
Released (5.14~rc1)
xenial Does not exist

linux-oem
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Needs triage

linux-oem-5.10
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(was needs-triage now end-of-life)
jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-oem-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-oem-5.14)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-oem-5.14)
xenial Does not exist

linux-oem-5.14
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.14.0-1004.4)
jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-oem-5.17
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Not vulnerable
(5.17.0-1003.3)
kinetic Needs triage

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-oem-5.6
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(was needs-triage now end-of-life)
jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-oem-osp1
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-oracle
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1007.9)
focal
Released (5.4.0-1087.96)
jammy Not vulnerable
(5.13.0-1008.10)
kinetic Not vulnerable
(5.15.0-1002.4)
trusty Does not exist

upstream
Released (5.14~rc1)
xenial Not vulnerable
(4.15.0-1007.9~16.04.1)
linux-oracle-5.0
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-oracle-5.3)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-oracle-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-oracle-5.13)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-oracle-5.13)
xenial Does not exist

linux-oracle-5.13
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(was needs-triage now end-of-life)
jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-oracle-5.15
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable
(5.15.0-1007.9~20.04.1)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-oracle-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-oracle-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-oracle-5.4)
xenial Does not exist

linux-oracle-5.4
Launchpad, Ubuntu, Debian
bionic
Released (5.4.0-1087.96~18.04.1)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-oracle-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-oracle-5.11)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-oracle-5.11)
xenial Does not exist

linux-raspi
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (5.4.0-1074.85)
jammy Not vulnerable
(5.13.0-1008.9)
kinetic Not vulnerable
(5.15.0-1005.5)
trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-raspi-5.4
Launchpad, Ubuntu, Debian
bionic Needed

focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.13.0-1005.5)
focal Ignored
(replaced by linux-raspi)
jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Needs triage

linux-raspi2-5.3
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-raspi-5.4)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-raspi2-5.4)
xenial Does not exist

linux-riscv
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-riscv-5.8)
jammy Not vulnerable
(5.13.0-1004.4)
kinetic Not vulnerable
(5.15.0-1007.7)
trusty Does not exist

upstream
Released (5.14~rc1)
xenial Does not exist

linux-riscv-5.11
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-riscv-5.13)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-riscv-5.13)
xenial Does not exist

linux-riscv-5.8
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Ignored
(superseded by linux-riscv-5.11)
jammy Does not exist

trusty Does not exist

upstream Ignored
(superseded by linux-riscv-5.11)
xenial Does not exist

linux-snapdragon
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.4.0-1077.82)
focal Does not exist

jammy Does not exist

trusty Does not exist

upstream
Released (5.14~rc1)
xenial Needs triage