
Cloud Vulnerability DB
A community-led vulnerabilities database
A race condition vulnerability (CVE-2022-2590) was discovered in the Linux kernel's memory subsystem, specifically in how it handles the copy-on-write (COW) breakage of private read-only shared memory mappings. The vulnerability was found by David Hildenbrand and disclosed on August 8, 2022. This issue affects Linux kernel versions >= v5.16 on x86-64 and aarch64 architectures when compiled with CONFIG_USERFAULTFD=y (Openwall).
The vulnerability stems from a race condition in the memory manager where an unprivileged user can modify file content of a shmem (tmpfs) file, even without write permissions. The issue was introduced by commit 9ae0f87d009c ("mm/shmem: unconditionally set pte dirty in mfill_atomic_install_pte"). The vulnerability allows attackers to use UFFDIO_CONTINUE to map a shmem page R/O while marking the pte dirty, similar to the Dirty COW vulnerability (CVE-2016-5195) but restricted to shared memory (shmem/tmpfs) (Kernel Archive).
The vulnerability enables local, unprivileged attackers to gain write access to read-only memory mappings, potentially leading to privilege escalation. Attackers can modify any running process that is readable, and even if the process is not readable, they can use cat /proc/{pid}/maps to find readable ELF modules. On Android, attackers can dynamically modify an Android Runtime (ART) process, potentially gaining root access without causing crashes or requiring device reboots (Security Online).
For Linux versions < v5.19, the mitigation involves reverting the problematic commit (9ae0f87d009c). For Linux >= v5.19, a fix was proposed that addresses the security issue by modifying how FOLL_FORCE handles COW mappings. Users are advised to upgrade to the latest Linux kernel versions that include the security patches (Openwall).
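The affected set described above (kernel >= v5.16, x86-64 or aarch64, CONFIG_USERFAULTFD=y) can be checked per host with a short triage script. This is an added example, not code from the advisory or the kernel project; the function names and the config file locations are assumptions. A host that meets the preconditions may still carry a backported fix, so a match means "confirm patch status with the kernel vendor", not "vulnerable".

```shell
#!/bin/sh
# Added example (not from the advisory): triage for the three preconditions
# this page lists for CVE-2022-2590. Function names are illustrative.

# 0 if a kernel release string such as "5.19.0-41-generic" is >= 5.16
version_ge_5_16() {
    v=${1%%[!0-9.]*}                 # strip the "-41-generic" style suffix
    major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    case "$minor" in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 16 ]; }
}

# 0 if CONFIG_USERFAULTFD=y, 1 if not set, 2 if the config file is unreadable
userfaultfd_enabled() {
    [ -r "$1" ] || return 2
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac | grep -q '^CONFIG_USERFAULTFD=y$'
}

# Usage: cve_2022_2590_preconditions RELEASE ARCH CONFIG_FILE
# 0 = all preconditions met, 1 = outside the affected set, 2 = config unknown
cve_2022_2590_preconditions() {
    version_ge_5_16 "$1" || return 1
    case "$2" in x86_64|aarch64) ;; *) return 1 ;; esac
    userfaultfd_enabled "$3"
}

# Check the running host. The config paths are common locations (assumption).
host_rel=$(uname -r); host_arch=$(uname -m)
host_cfg=/boot/config-$host_rel
[ -r "$host_cfg" ] || host_cfg=/proc/config.gz
cve_2022_2590_preconditions "$host_rel" "$host_arch" "$host_cfg" && rc=0 || rc=$?
case $rc in
    0) echo "$host_rel: preconditions met, confirm the fix is in this build" ;;
    1) echo "$host_rel: outside the affected set described in the advisory" ;;
    *) echo "$host_rel: kernel config not readable, CONFIG_USERFAULTFD unknown" ;;
esac
```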
Source: This report was generated using AI