Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's memory management, involving the dup_mmap() function and uprobe registration, has been addressed. When memory allocation fails while dup_mmap() is duplicating the memory map, the maple tree can be left in a state that is unsafe for iterators other than the exit path. Although the locks are released before exit_mmap() is called, the incomplete mm_struct can still be reached through the rmap, which identifies the virtual memory areas (VMAs) linked to the mm_struct. Syzbot highlighted the issue by demonstrating that an improperly initialized mm_struct could cause failures with recent forking changes, which shows the danger of using a partially initialized mm_struct.
The vulnerability could lead to a race condition where an unstable mm_struct is accessed, potentially causing memory management errors or corruption.
The patch for this vulnerability has been applied in the Linux kernel. Users should upgrade to the latest stable version of the kernel where this patch is included.