oss-sec mailing list archives
CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards()
From: Rohit Keshri <rkeshri () redhat com>
Date: Wed, 10 Feb 2021 20:34:37 +0530
Hello Team, A use-after-free flaw may be seen due to a race problem while in detach_vmas_to_be_unmapped() in mm/mmap.c in VMA access while munmap(). This flaw could allow a local attacker with a user privilege to crash the system, because VMA with VM_GROWSDOWN or VM_GROWSUP flag set may change their size under mmap_read_lock(). This vulnerability could even lead to a kernel information leak problem. 'CVE-2021-20200' was assigned by Red Hat. References: https://bugs.chromium.org/p/project-zero/issues/detail?id=2056 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c Thanks and Regards .. Rohit Keshri / Red Hat Product Security Team PGP: OX01BC 858A 07B7 15C8 EF33 BFE2 2EEB 0CBC 84A4 4C2D secalert () redhat com for urgent response
Current thread:
- CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards() Rohit Keshri (Feb 10)
- Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards() Alexandros Toptsoglou (Feb 10)