Home
HIGH: 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HDefault status
unaffected
b9a66cd5ccbb9fade15d0e427e19470d8ad35b75 (git) before 34861bdc0c0196b6c2dd48f7454029407704ff6e
affected
b9a66cd5ccbb9fade15d0e427e19470d8ad35b75 (git) before 6922db250422a0dfee34de322f86b7a73d713d33
affected
Default status
affected
6.19
affected
Any version before 6.19
unaffected
6.19.10 (semver)
unaffected
7.0 (original_commit_for_fix)
unaffected
Description
In the Linux kernel, the following vulnerability has been resolved: mshv: Fix use-after-free in mshv_map_user_memory error path In the error path of mshv_map_user_memory(), calling vfree() directly on the region leaves the MMU notifier registered. When userspace later unmaps the memory, the notifier fires and accesses the freed region, causing a use-after-free and potential kernel panic. Replace vfree() with mshv_partition_put() to properly unregister the MMU notifier before freeing the region.
Product status
b9a66cd5ccbb9fade15d0e427e19470d8ad35b75 (git) before 34861bdc0c0196b6c2dd48f7454029407704ff6e
b9a66cd5ccbb9fade15d0e427e19470d8ad35b75 (git) before 6922db250422a0dfee34de322f86b7a73d713d33
6.19
Any version before 6.19
6.19.10 (semver)
7.0 (original_commit_for_fix)
References
git.kernel.org/...c/34861bdc0c0196b6c2dd48f7454029407704ff6e
git.kernel.org/...c/6922db250422a0dfee34de322f86b7a73d713d33