In the nucleus linux detected service ( CVE-2022-2590 ), which allows the unconvilized user to change the files reflected in memory (MMAP) and files in TMPFS, not having the right to write in them, and raise their privileges in the system. By its type, the identified problem resembles the vulnerability of the Dirty Cow, but is characterized in that it is limited only to the effect on the data in the separated memory (shMEM / tMPFS). The problem can also be used to modify advanced executable files using the divided memory.
The problem is caused by the state of the race in the memory control subsystem arising from the exclusion processing (Fault) generated when trying to access the areas available only to read the areas reflected in COW (Copy-on-Write Mapping). The problem is manifested starting from the 5.16 nucleus on systems with architecture X86-64 and AARCH64 when assembling the nucleus with the option Config_USERFULTFD = Y. Vulnerability is eliminated in the release of 5.19. An example of exploit is planned to be published on August 15.