Linux Kernel Memory Policy Uninitialized Value Vulnerability in Cgroup Migration

Vulnerability

A vulnerability in the Linux kernel's NUMA memory policy code, mm/mempolicy.c, has been identified. When a task's policy mode is MPOL_LOCAL, mpol_set_nodemask() returns early and never writes the policy's 'w' union (pol->w.cpuset_mems_allowed), so that field keeps whatever the slab object held before. mpol_rebind_policy() does not account for this: it compares pol->w.cpuset_mems_allowed against the new cpuset nodemask with nodes_equal() before deciding whether to rebind, which reads the never-initialised field. The read is reached by moving a task that holds such a policy into a cpuset with a different mems_allowed set: the cpuset code rebinds the task's memory policy on attach, and syzkaller (via KMSAN) reported the resulting uninit-value read.

Impact

The bug is a read of an uninitialised kernel heap field, not a write. In this path the stale value only feeds the nodes_equal() comparison that decides whether rebinding is skipped, and the rebind operation for MPOL_LOCAL is a no-op, so the value is not copied to user space; the information-leakage concern is therefore theoretical and the realistic effect is a KMSAN-detectable uninitialised read and an unpredictable rebind decision. Triggering it also requires the ability to move a task between cpusets (write access to the cgroup's cgroup.procs or tasks file), which limits who can reach the path.

Reproduction

The vulnerability can be reproduced with a Syzkaller reproducer that installs a preferred policy through set_mempolicy(MPOL_PREFERRED, ...) with an empty nodemask; mpol_new() turns that combination into MPOL_LOCAL, so the policy's nodemask is never set. The task is then moved into a cpuset whose mems_allowed differs from the one it came from (the reproducer uses a cpuset with memory migration enabled), which makes the cpuset code call mpol_rebind_policy() for the task's policy. Because the mode is MPOL_LOCAL, the comparison in mpol_rebind_policy() reads the uninitialised pol->w.cpuset_mems_allowed.
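The following is an added, user-space model of the path described in the Vulnerability and Reproduction sections; it is written for this page and is not the kernel's code. It mirrors the shape of mpol_new(), mpol_set_nodemask() and mpol_rebind_policy() from mm/mempolicy.c, but replaces nodemask_t with a 64-bit bitmap, simplifies the rebind to adopting the new mask, and adds a model-only shadow bit (in the spirit of KMSAN's shadow memory) that counts reads of the 'w' union before it has ever been written. The 'fixed' flag toggles the early return on MPOL_LOCAL that the upstream fix adds to mpol_rebind_policy(). The driver functions run_local_policy_rebind() and run_bind_policy_rebind(), the poison value, and the MPOL_* constant values are the model's own assumptions.

```c
/* User-space model of the mm/mempolicy.c rebind path (added example, not kernel code). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Mode numbers as in uapi/linux/mempolicy.h (assumed here, only the names matter). */
enum { MPOL_DEFAULT, MPOL_PREFERRED, MPOL_BIND, MPOL_INTERLEAVE, MPOL_LOCAL };
#define MPOL_F_STATIC_NODES   (1 << 15)
#define MPOL_F_RELATIVE_NODES (1 << 14)

typedef uint64_t nodemask_t;   /* one bit per NUMA node; 64 nodes suffice for the model */

struct mempolicy {
	unsigned short mode;
	unsigned short flags;
	nodemask_t nodes;
	union {
		nodemask_t user_nodemask;          /* used with STATIC/RELATIVE_NODES */
		nodemask_t cpuset_mems_allowed;    /* used otherwise */
	} w;
	bool w_initialized;   /* model-only shadow bit: has w ever been written? */
};

static int uninit_reads;   /* model-only: reads of w observed before it was written */

/* Every read of pol->w goes through here so the shadow bit is checked, as KMSAN would. */
static nodemask_t read_w(const struct mempolicy *pol)
{
	if (!pol->w_initialized)
		uninit_reads++;
	return pol->w.cpuset_mems_allowed;
}

static bool mpol_store_user_nodemask(const struct mempolicy *pol)
{
	return (pol->flags & (MPOL_F_STATIC_NODES | MPOL_F_RELATIVE_NODES)) != 0;
}

/* mpol_new(): the slab object is not zeroed, so w starts as stale memory (poisoned here).
 * A preferred policy with an empty nodemask becomes MPOL_LOCAL, which is how the
 * set_mempolicy(MPOL_PREFERRED, empty) reproducer ends up in local mode. */
static struct mempolicy *mpol_new(unsigned short mode, unsigned short flags, nodemask_t nodes)
{
	struct mempolicy *pol = malloc(sizeof *pol);
	if (!pol)
		return NULL;
	pol->w.cpuset_mems_allowed = 0xA5A5A5A5A5A5A5A5ULL;   /* stale contents, model value */
	pol->w_initialized = false;
	if (mode == MPOL_PREFERRED && nodes == 0)
		mode = MPOL_LOCAL;
	pol->mode = mode;
	pol->flags = flags;
	pol->nodes = 0;
	return pol;
}

/* mpol_set_nodemask(): returns early for MPOL_LOCAL, so w is never written for that mode. */
static void mpol_set_nodemask(struct mempolicy *pol, nodemask_t nodes, nodemask_t cpuset_mems)
{
	if (pol->mode == MPOL_LOCAL)
		return;
	if (mpol_store_user_nodemask(pol))
		pol->w.user_nodemask = nodes;
	else
		pol->w.cpuset_mems_allowed = cpuset_mems;
	pol->w_initialized = true;
	pol->nodes = nodes & cpuset_mems;
}

/* mpol_rebind_policy(): run for a task's policy when its cpuset mems change.
 * 'fixed' enables the early return for MPOL_LOCAL that the upstream fix adds. */
static void mpol_rebind_policy(struct mempolicy *pol, nodemask_t newmask, bool fixed)
{
	if (!pol)
		return;
	if (fixed && pol->mode == MPOL_LOCAL)
		return;
	/* Vulnerable path: for MPOL_LOCAL this comparison reads the never-written w. */
	if (!mpol_store_user_nodemask(pol) && read_w(pol) == newmask)
		return;
	if (pol->mode == MPOL_LOCAL)   /* the local mode's rebind op does nothing */
		return;
	/* Simplified rebind: the kernel remaps node numbers; the model adopts the new set. */
	pol->nodes = newmask;
	pol->w.cpuset_mems_allowed = newmask;
	pol->w_initialized = true;
}

/* Reproducer sequence: MPOL_PREFERRED with an empty mask, then a cpuset mems change.
 * Returns the number of uninitialized reads the shadow bit caught. */
static int run_local_policy_rebind(bool fixed)
{
	uninit_reads = 0;
	struct mempolicy *pol = mpol_new(MPOL_PREFERRED, 0, 0);
	mpol_set_nodemask(pol, 0, 0x1);        /* current cpuset: node 0 */
	mpol_rebind_policy(pol, 0x2, fixed);   /* moved to a cpuset whose mems is node 1 */
	free(pol);
	return uninit_reads;
}

/* Control case: a MPOL_BIND policy has w written, so both variants rebind cleanly. */
static int run_bind_policy_rebind(bool fixed, nodemask_t *nodes_after)
{
	uninit_reads = 0;
	struct mempolicy *pol = mpol_new(MPOL_BIND, 0, 0x1);
	mpol_set_nodemask(pol, 0x1, 0x1);
	mpol_rebind_policy(pol, 0x2, fixed);
	*nodes_after = pol->nodes;
	free(pol);
	return uninit_reads;
}

int main(void)
{
	nodemask_t n;
	printf("MPOL_LOCAL, vulnerable: %d uninitialized read(s)\n", run_local_policy_rebind(false));
	printf("MPOL_LOCAL, fixed:      %d uninitialized read(s)\n", run_local_policy_rebind(true));
	run_bind_policy_rebind(true, &n);
	printf("MPOL_BIND after rebind: nodes=0x%llx\n", (unsigned long long)n);
	return 0;
}
```

The point the model makes is that the early return in mpol_set_nodemask() and the comparison in mpol_rebind_policy() disagree about whether 'w' is meaningful for MPOL_LOCAL; the fix restores agreement by having the rebind path skip local policies before touching 'w'. The bind-policy control shows that the added check does not change behaviour for modes that do initialise the field.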

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  spread          9.0
  impact          2.5
  exploitability  4.3
  remediation     7.7
  relevance       0.0
  threat          4.8
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.