CVE-2022-50285

Summary

In the Linux kernel, the following vulnerability has been resolved:

mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages

The h->*_huge_pages counters are protected by the hugetlb_lock, but alloc_huge_page has a corner case where it can decrement the counter outside of the lock.

This could lead to a corrupted value of h->resv_huge_pages, which we have observed on our systems.

Take the hugetlb_lock before decrementing h->resv_huge_pages to avoid a potential race.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa88c769548047b21f76fd71e04b6a3300ff17160 < 3e50a07b6a5fcd39df1534d3fdaca4292a65efe6affected
LinuxLinuxa88c769548047b21f76fd71e04b6a3300ff17160 < 629c986e19fe9481227c7cdfd9a105bbc104d245affected
LinuxLinuxa88c769548047b21f76fd71e04b6a3300ff17160 < 2b35432d324898ec41beb27031d2a1a864a4d40eaffected
LinuxLinuxa88c769548047b21f76fd71e04b6a3300ff17160 < 11993652d0b49e27272db0a37aa828d8a3a4b92baffected
LinuxLinuxa88c769548047b21f76fd71e04b6a3300ff17160 < 568e3812b1778b4c0c229649b59977d88f400eceaffected
LinuxLinuxa88c769548047b21f76fd71e04b6a3300ff17160 < 112a005d1ded04a4b41b6d01833cc0bda90625ccaffected
LinuxLinuxa88c769548047b21f76fd71e04b6a3300ff17160 < c828fab903725279aa9dc6ae3d44bb7e4778f92caffected
LinuxLinuxa88c769548047b21f76fd71e04b6a3300ff17160 < 12df140f0bdfae5dcfc81800970dd7f6f632e00caffected
LinuxLinux3f5fae4d1a3189d95b02b4b45e1218df147122bcaffected
LinuxLinux4.3.6 < 4.4affected
LinuxLinux4.4affected
LinuxLinux0 < 4.4unaffected
LinuxLinux4.9.332 <= 4.9.*unaffected
LinuxLinux4.14.298 <= 4.14.*unaffected
LinuxLinux4.19.264 <= 4.19.*unaffected
LinuxLinux5.4.223 <= 5.4.*unaffected
LinuxLinux5.10.153 <= 5.10.*unaffected
LinuxLinux5.15.76 <= 5.15.*unaffected
LinuxLinux6.0.6 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

References