Problem Description:
A particular case of memory sharing is mishandled in the virtual memory
system. It is possible and legal to establish a relationship where
multiple descendant processes share a mapping which shadows memory of an
ancestor process. In this scenario, when one process modifies memory
through such a mapping, the copy-on-write logic fails to invalidate
other mappings of the source page. These stale mappings may remain even
after the mapped pages have been reused for another purpose.
Impact:
An unprivileged local user process can maintain a mapping of a page
after it is freed, allowing that process to read private data belonging
to other processes or the kernel.