📄 Description (English)
In the Linux kernel, the following vulnerability has been resolved:
procfs: fix possible double mmput() in do_procmap_query()
When user provides incorrectly sized buffer for build ID for PROCMAP_QUERY
we return with -ENAMETOOLONG error. After recent changes this condition
happens later, after we unlocked mmap_lock/per-VMA lock and did mmput(),
so original goto out is now wrong and will double-mmput() mm_struct. Fix
by jumping further to clean up only vm_file and name_buf.
🤖 AI Executive Summary
A double-free vulnerability in Linux kernel's procfs PROCMAP_QUERY handler causes kernel memory corruption when users provide incorrectly sized buffers for build IDs. This can lead to kernel crashes or potential privilege escalation on affected systems. The vulnerability affects Linux kernel versions including 6.19 and requires immediate patching for production systems.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 13, 2026 00:17
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations running Linux-based infrastructure, particularly: (1) Government agencies and NCA-regulated entities using Linux servers for critical operations; (2) Banking and financial institutions (SAMA-regulated) relying on Linux for transaction processing and data centers; (3) Telecommunications providers (STC, Mobily) operating Linux-based network infrastructure; (4) Energy sector (ARAMCO, SEC) utilizing Linux for SCADA and operational technology systems; (5) Healthcare providers managing patient data on Linux systems. The double-mmput() vulnerability could enable local privilege escalation or denial of service attacks on multi-tenant systems.
🏢 Affected Saudi Sectors
Government & Public Administration
Banking & Financial Services
Telecommunications
Energy & Utilities
Healthcare
Defense & Security
Data Centers & Cloud Services
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.2
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify all Linux systems running kernel versions 6.19 and earlier in your environment
2. Assess exposure: prioritize systems with multi-user access or containerized workloads
3. Implement access controls to restrict PROCMAP_QUERY usage via seccomp/AppArmor if patching is delayed
Patching Guidance:
1. Apply Linux kernel security updates from your distribution (RHEL, Ubuntu, SLES, etc.) immediately
2. For RHEL/CentOS: yum update kernel && reboot
3. For Ubuntu: apt update && apt upgrade linux-image-generic && reboot
4. Verify patch application: uname -r should show updated kernel version
Compensating Controls (if immediate patching unavailable):
1. Restrict /proc access: chmod 700 /proc for sensitive systems
2. Disable unprivileged PROCMAP_QUERY via sysctl: kernel.unprivileged_userns_clone=0
3. Monitor for exploitation attempts using auditd rules targeting procfs access
4. Implement container security policies restricting /proc access
Detection Rules:
1. Monitor for PROCMAP_QUERY syscalls with oversized buffer parameters
2. Alert on kernel oops/panic messages related to mmput() or mm_struct corruption
3. Track failed /proc/[pid]/maps_query operations returning -ENAMETOOLONG
4. Monitor for unexpected kernel memory access violations in audit logs
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أنظمة لينكس التي تعمل بإصدارات نواة 6.19 وأقدم في بيئتك
2. تقييم التعرض: إعطاء الأولوية للأنظمة ذات الوصول متعدد المستخدمين أو أحمال العمل المحتوية
3. تطبيق عناصر التحكم في الوصول لتقييد استخدام PROCMAP_QUERY عبر seccomp/AppArmor إذا تأخر التصحيح
إرشادات التصحيح:
1. تطبيق تحديثات أمان نواة لينكس من توزيعتك (RHEL, Ubuntu, SLES, إلخ) فوراً
2. لـ RHEL/CentOS: yum update kernel && reboot
3. لـ Ubuntu: apt update && apt upgrade linux-image-generic && reboot
4. التحقق من تطبيق التصحيح: uname -r يجب أن يظهر إصدار النواة المحدث
عناصر التحكم البديلة (إذا تعذر التصحيح الفوري):
1. تقييد وصول /proc: chmod 700 /proc للأنظمة الحساسة
2. تعطيل PROCMAP_QUERY غير المميز عبر sysctl: kernel.unprivileged_userns_clone=0
3. مراقبة محاولات الاستغلال باستخدام قواعد auditd التي تستهدف وصول procfs
4. تطبيق سياسات أمان الحاويات التي تقيد وصول /proc
قواعد الكشف:
1. مراقبة استدعاءات PROCMAP_QUERY syscalls مع معاملات المخزن المؤقت الكبيرة
2. التنبيه على رسائل kernel oops/panic المتعلقة بتلف mmput() أو mm_struct
3. تتبع عمليات /proc/[pid]/maps_query الفاشلة التي تعيد -ENAMETOOLONG
4. مراقبة انتهاكات وصول ذاكرة النواة غير المتوقعة في سجلات التدقيق
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities
ECC 2024 A.14.2.1 - Secure development policy
ECC 2024 A.12.3.1 - Configuration management
🔵 SAMA CSF
SAMA CSF ID.BE-5.1 - Cybersecurity risk management strategy
SAMA CSF PR.IP-12 - Software, firmware, and information integrity mechanisms
SAMA CSF DE.CM-8 - Vulnerability scans are performed
🟡 ISO 27001:2022
ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities
ISO 27001:2022 A.14.2.1 - Secure development, acceptance and testing
ISO 27001:2022 A.12.3.1 - Configuration management
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Ensure all system components and software are protected from known vulnerabilities
🔗 References & Sources 4
🔗
https://git.kernel.org/stable/c/61dc9f776705d6db6847c101b98fa4f0e9eb6fa3
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
🔗
https://git.kernel.org/stable/c/8adaff87db143583e08eec4f4e7788f1ef8af94d
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
🔗
https://git.kernel.org/stable/c/90f5e87c9b75833b9ef3a4415b92c0247f28ab2f
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
🔗
https://git.kernel.org/stable/c/f9fe092084cd04deea18747f58a2304026e76aaa
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
📦 Affected Products / CPE 4 entries
linux:linux_kernel
linux:linux_kernel
linux:linux_kernel
linux:linux_kernel:6.19