CVE-2022-41222: 
Linux Kernel vulnerability analysis and mitigation

A race condition vulnerability was discovered in the Linux kernel's memory management subsystem, specifically in mm/mremap.c before version 5.13.3. The vulnerability (CVE-2022-41222) involves a use-after-free condition via a stale TLB because an rmap lock is not held during a PUD move (CVE-MITRE, NVD).

The vulnerability occurs in the memory management subsystem's mremap functionality. The issue stems from a race condition where the rmap lock is not properly held during page table entry moves, specifically during PUD (Page Upper Directory) operations. The CVSS v3.1 base score is 7.0 (HIGH) with a vector of CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access required with high complexity (NETAPP).

Successful exploitation of this vulnerability could lead to multiple severe consequences including denial of service (memory corruption or crash), information leaks, or privilege escalation. The vulnerability affects systems running Linux kernel versions prior to 5.13.3 (DEBIAN-LTS).

The vulnerability was fixed in Linux kernel version 5.13.3 by updating the rmap locking requirement in mremap to properly handle the race condition. The fix involves ensuring that the rmap lock is held in write mode when moving page table entries (KERNEL-COMMIT).