CVE-2022-50889
Description
In the Linux kernel, the following vulnerability has been resolved:
dm integrity: Fix UAF in dm_integrity_dtr()
Dm_integrity also has the same UAF problem when dm_resume() and dm_destroy() are concurrent.
Therefore, cancelling timer again in dm_integrity_dtr().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A use-after-free (UAF) vulnerability in the Linux kernel's dm-integrity driver occurs when dm_resume() and dm_destroy() run concurrently, fixed by cancelling the timer in dm_integrity_dtr().
Vulnerability Overview
CVE-2022-50889 is a use-after-free (UAF) vulnerability in the Linux kernel's device-mapper integrity (dm-integrity) target. The bug arises when the dm_resume() and dm_destroy() operations are executed concurrently, leading to a race condition where the integrity device's timer can be freed while still in use. This is a classic UAF scenario that can result in memory corruption or arbitrary code execution.
Exploitation Context
To trigger the vulnerability, an attacker must be able to issue concurrent dm_resume() and dm_destroy() calls on the same dm-integrity device. This requires local access to the system and the ability to interact with the device-mapper subsystem, typically through privileged operations (e.g., root or CAP_SYS_ADMIN). The race window is small, but the condition is timing-dependent and can be exploited by carefully orchestrating the two operations.
Impact
If successfully exploited, the UAF can lead to system instability, denial of service (kernel crash), or potentially privilege escalation if an attacker can control the freed memory. The vulnerability is rated with a CVSS score of 7.0 (High), reflecting high severity due to the potential for local privilege escalation.
Mitigation
The fix, introduced in the Linux kernel stable tree, ensures that the timer is cancelled again in dm_integrity_dtr() to prevent the race condition [1][2][3]. Users should apply the latest kernel updates from their distribution or backport the specific commit to mitigate the issue. No workarounds are available; patching is required.
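One way to check whether a kernel git tree already carries this fix, as an added example that is not part of the original page or of the kernel project: it tests the six stable commit IDs listed under References and, because vendor backports get new hashes, falls back to the patch subject from the description. The function name has_dm_integrity_fix and its exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: does a kernel git tree contain the CVE-2022-50889 fix?
# Commit IDs are the six stable-tree references listed on this page.
FIX_COMMITS="792e51aac376cfb5bd527c2a30826223b82dd177
9215b25f2e105032114e9b92c9783a2a84ee8af9
9f8e1e54a3a424c6c4fb8742e094789d3ec91e42
a506b5c92757b034034ef683e667bffc456c600b
b6c93cd61afab061d80cc842333abca97b289774
f50cb2cbabd6c4a60add93d72451728f86e4791c"
# Patch subject as given in the CVE description.
FIX_SUBJECT="dm integrity: Fix UAF in dm_integrity_dtr()"

# has_dm_integrity_fix REPO [REF]   (hypothetical helper name)
# exit 0: fix found in REF; 1: not found; 2: REPO or REF unusable
has_dm_integrity_fix() {
    repo=$1
    ref=${2:-HEAD}
    git -C "$repo" rev-parse --verify --quiet "$ref^{commit}" >/dev/null || return 2

    for c in $FIX_COMMITS; do
        # Skip IDs that are not in this object store (other stable branches).
        git -C "$repo" cat-file -e "$c^{commit}" 2>/dev/null || continue
        if git -C "$repo" merge-base --is-ancestor "$c" "$ref"; then
            echo "fix present: $c is an ancestor of $ref"
            return 0
        fi
    done

    # Backported or cherry-picked fixes have different hashes; match the subject.
    hit=$(git -C "$repo" log --fixed-strings --grep="$FIX_SUBJECT" \
              --format=%h -n 1 "$ref")
    if [ -n "$hit" ]; then
        echo "fix present: commit $hit carries the patch subject"
        return 0
    fi

    echo "fix not found in $ref"
    return 1
}
```

A subject match shows that a commit with that title exists in the history, not that its diff is intact, so confirm a hit against the distribution's changelog for kernels built from heavily patched trees.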
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 6
792e51aac376, a506b5c92757, 9215b25f2e10, 9f8e1e54a3a4, b6c93cd61afa, f50cb2cbabd6
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (6)
- git.kernel.org/stable/c/792e51aac376cfb5bd527c2a30826223b82dd177 (nvd)
- git.kernel.org/stable/c/9215b25f2e105032114e9b92c9783a2a84ee8af9 (nvd)
- git.kernel.org/stable/c/9f8e1e54a3a424c6c4fb8742e094789d3ec91e42 (nvd)
- git.kernel.org/stable/c/a506b5c92757b034034ef683e667bffc456c600b (nvd)
- git.kernel.org/stable/c/b6c93cd61afab061d80cc842333abca97b289774 (nvd)
- git.kernel.org/stable/c/f50cb2cbabd6c4a60add93d72451728f86e4791c (nvd)