Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused.
References:
https://seclists.org/oss-sec/2018/q4/108
https://bugs.chromium.org/p/project-zero/issues/detail?id=1695
An upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb66ae030829605d61fbef1909ce310e29f78821
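The ordering problem described above, replayed as a deterministic toy model. This is an added example, not kernel code and not taken from the report or the upstream patch; the struct, the function names and the single fixed interleaving are assumptions made for illustration, and the page-table lock is represented only by the point at which it is released.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model (constructed): one physical page, two virtual addresses. */
enum { OLD_VA, NEW_VA, NUM_VA };
enum { NO_PAGE = -1 };

struct mm {
    int pte[NUM_VA];  /* page table: VA -> physical page, or NO_PAGE  */
    int tlb[NUM_VA];  /* cached translations; may lag behind pte[]     */
    bool page_freed;  /* physical page 0 returned to the allocator?    */
};

static void tlb_flush(struct mm *mm, int va) { mm->tlb[va] = NO_PAGE; }

/* ftruncate()-like path: it only sees the PTE at its current location,
 * so it zaps that entry, flushes that VA and frees the page. */
static void truncate_zap(struct mm *mm)
{
    if (mm->pte[NEW_VA] == NO_PAGE)
        return;
    mm->pte[NEW_VA] = NO_PAGE;
    tlb_flush(mm, NEW_VA);
    mm->page_freed = true;
}

/* Returns true if, after the page was freed, a TLB entry for OLD_VA
 * still translates to it (the stale-access window from the report). */
bool stale_access_possible(bool flush_before_unlock)
{
    struct mm mm = { .pte = { 0, NO_PAGE }, .tlb = { 0, NO_PAGE },
                     .page_freed = false };

    /* mremap(), holding the page-table lock: move the PTE. */
    mm.pte[NEW_VA] = mm.pte[OLD_VA];
    mm.pte[OLD_VA] = NO_PAGE;
    if (flush_before_unlock)
        tlb_flush(&mm, OLD_VA);   /* ordering that closes the window here */
    /* -- page-table lock released: other syscalls may now run -- */

    truncate_zap(&mm);            /* concurrent syscall wins the race */
    bool stale = mm.page_freed && mm.tlb[OLD_VA] != NO_PAGE;

    if (!flush_before_unlock)
        tlb_flush(&mm, OLD_VA);   /* late flush: too late for the page */
    return stale;
}

int main(void)
{
    printf("flush after unlock:  stale=%d\n", stale_access_possible(false));
    printf("flush before unlock: stale=%d\n", stale_access_possible(true));
    return 0;
}
```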
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1648486]
Is there a plan to fix this on RHEL 7 or a way to mitigate / workaround? Thanks in advance.
In reply to comment #6:
> Is there a plan to fix this on RHEL 7 or a way to mitigate / workaround?
>
> Thanks in advance.
Hi, For RHEL 7 fixes, I recommend that you open a case with Red Hat support if you have an active subscription. Regarding the mitigation/workaround, one of our security analysts shall update this bug if there is any mitigation or workaround. Regards YOG.
(In reply to Davor from comment #6)
> Is there a plan to fix this on RHEL 7 or a way to mitigate / workaround?
Hello, Yes, this flaw is going to be fixed in RHEL7. Unfortunately, there is no mitigation as the flaw is in the kernel's core memory management subsystem code. On the other hand, we rate this flaw as Moderate severity, as at the time of this writing there is no known exploit or reproducer or proof-of-concept for RHEL-7.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:0831 https://access.redhat.com/errata/RHSA-2019:0831
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2029
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2043
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2020:0036 https://access.redhat.com/errata/RHSA-2020:0036
This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2020:0100 https://access.redhat.com/errata/RHSA-2020:0100
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7.4 Advanced Update Support
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
Red Hat Enterprise Linux 7.4 Telco Extended Update Support
Via RHSA-2020:0103 https://access.redhat.com/errata/RHSA-2020:0103
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:0179 https://access.redhat.com/errata/RHSA-2020:0179