Vulnerability in the Linux kernel that allows changing the contents of tmpfs and shared memory

A vulnerability has been identified in the Linux kernel (CVE-2022-2590) that allows an unprivileged user to modify memory-mapped (mmap) files and files in tmpfs without having write access to them, and to elevate their privileges on the system. The issue is similar in kind to the Dirty COW vulnerability, but differs in that it is limited to data in shared memory (shmem / tmpfs). It can also be used to modify running executables that use shared memory.

The problem is caused by a race condition in the memory management subsystem that occurs when handling a page fault triggered by a write to a read-only area of shared memory mapped in COW (copy-on-write) mode. The problem has been present since kernel 5.16 on x86-64 and aarch64 systems when the kernel is built with the CONFIG_USERFAULTFD=y option. The vulnerability was fixed in release 5.19. A proof-of-concept exploit is planned to be published on August 15.
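A host triage check for the preconditions named above (kernel 5.16 up to but not including 5.19, x86-64 or aarch64, CONFIG_USERFAULTFD=y). This is an added example, not code from the article; it assumes the kernel config is readable from /proc/config.gz or /boot/config-<release>, which are the usual locations but are not mentioned by the article.

```shell
#!/bin/sh
# Exposure triage for CVE-2022-2590, using only the conditions the article
# states: kernel 5.16 <= version < 5.19, x86_64 or aarch64, and a kernel
# built with CONFIG_USERFAULTFD=y. Added example, not from the article.

# major_of / minor_of: numeric major and minor from a release string such as
# "5.18.3-arch1" or "5.16-rc1"; a string without a dot gets minor 0.
major_of() { printf '%s\n' "${1%%.*}"; }
minor_of() {
    rest=${1#*.}
    if [ "$rest" = "$1" ]; then rest=0; fi
    rest=${rest%%.*}
    printf '%s\n' "${rest%%[!0-9]*}"
}

# kernel_in_affected_range: true when 5.16 <= version < 5.19.
kernel_in_affected_range() {
    maj=$(major_of "$1"); min=$(minor_of "$1")
    [ "$maj" -eq 5 ] && [ "$min" -ge 16 ] && [ "$min" -lt 19 ]
}

# arch_affected: the article names x86-64 and aarch64 (uname -m spellings).
arch_affected() {
    case "$1" in x86_64|aarch64) return 0 ;; *) return 1 ;; esac
}

# config_has_uffd: the kernel config text enables userfaultfd.
config_has_uffd() {
    printf '%s\n' "$1" | grep -q '^CONFIG_USERFAULTFD=y$'
}

# assess VERSION ARCH CONFIG_TEXT: prints "exposed" or "not-exposed". A hit
# means the stated preconditions are met; distribution kernels often backport
# fixes, so confirm against the vendor advisory before acting on it.
assess() {
    if kernel_in_affected_range "$1" && arch_affected "$2" && config_has_uffd "$3"; then
        echo exposed
    else
        echo not-exposed
    fi
}

# Live check of the running host; reports when the config cannot be read.
release=$(uname -r); machine=$(uname -m); cfg=''
if [ -r /proc/config.gz ] && command -v zcat >/dev/null 2>&1; then
    cfg=$(zcat /proc/config.gz)
elif [ -r "/boot/config-$release" ]; then
    cfg=$(cat "/boot/config-$release")
fi
if [ -n "$cfg" ]; then
    echo "$release $machine: $(assess "$release" "$machine" "$cfg")"
else
    echo "$release $machine: kernel config not readable, cannot check CONFIG_USERFAULTFD"
fi
```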

Source: opennet.ru
