CVE-2022-50630 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: fix UAF in hugetlb_handle_userfault The vma_lock and hugetlb_fault_mutex are dropped before handling userfault and reacquire them again after handle_userfault(), but reacquire the vma_lock could lead to UAF[1,2] due to the following race, hugetlb_fault hugetlb_no_page /*unlock vma_lock */ hugetlb_handle_userfault handle_userfault /* unlock mm->mmap_lock*/ vm_mmap_pgoff do_mmap mmap_region munmap_vma_range /* clean old vma */ /* lock vma_lock again <--- UAF */ /* unlock vma_lock */ Since the vma_lock will unlock immediately after hugetlb_handle_userfault(), let's drop the unneeded lock and unlock in hugetlb_handle_userfault() to fix the issue. [1] https://lore.kernel.org/linux-mm/000000000000d5e00a05e834962e@google.com/ [2] https://lore.kernel.org/linux-mm/20220921014457.1668-1-liuzixian4@huawei.com/

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0db2efb3bff879566f05341d94c3de00ac95c4cc
https://git.kernel.org/stable/c/45c33966759ea1b4040c08dacda99ef623c0ca29
https://git.kernel.org/stable/c/78504bcedb2f1bbfb353b4d233c24d641c4dda33
https://git.kernel.org/stable/c/958f32ce832ba781ac20e11bb2d12a9352ea28fc
https://git.kernel.org/stable/c/dd691973f67b2800a97db723b1ff6f07fdcf7f5a

History

Mon, 08 Dec 2025 02:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: fix UAF in hugetlb_handle_userfault The vma_lock and hugetlb_fault_mutex are dropped before handling userfault and reacquire them again after handle_userfault(), but reacquire the vma_lock could lead to UAF[1,2] due to the following race, hugetlb_fault hugetlb_no_page /unlock vma_lock / hugetlb_handle_userfault handle_userfault /* unlock mm->mmap_lock/ vm_mmap_pgoff do_mmap mmap_region munmap_vma_range / clean old vma / / lock vma_lock again <--- UAF / / unlock vma_lock */ Since the vma_lock will unlock immediately after hugetlb_handle_userfault(), let's drop the unneeded lock and unlock in hugetlb_handle_userfault() to fix the issue. [1] https://lore.kernel.org/linux-mm/000000000000d5e00a05e834962e@google.com/ [2] https://lore.kernel.org/linux-mm/20220921014457.1668-1-liuzixian4@huawei.com/
Title		mm: hugetlb: fix UAF in hugetlb_handle_userfault
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0db2efb3bff879566f05341d94c3de00ac95c4cc https://git.kernel.org/stable/c/45c33966759ea1b4040c08dacda99ef623c0ca29 https://git.kernel.org/stable/c/78504bcedb2f1bbfb353b4d233c24d641c4dda33 https://git.kernel.org/stable/c/958f32ce832ba781ac20e11bb2d12a9352ea28fc https://git.kernel.org/stable/c/dd691973f67b2800a97db723b1ff6f07fdcf7f5a

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-08T01:16:45.555Z

Updated: 2025-12-08T01:16:45.555Z

Reserved: 2025-12-08T01:14:55.192Z

Link: CVE-2022-50630

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-12-08T02:15:49.223

Modified: 2025-12-08T18:26:19.900

Link: CVE-2022-50630

Redhat

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object