The double-fetch issue only exists on Linux versions 4.5 - 4.7; it was patched and fixed back in 2017.
We tested and verified that this exploit is fixed in Linux v5.11.
We also tested this CVE against the long-term support versions Linux v5.4, v5.10 and v5.15 and the current version Linux 5.19; the issue does not exist on any of them.
The Linux problem described in the USENIX Security 2022 paper Midas: Systematic Kernel TOCTTOU Protection is invalid.
Execute ioctl failed.
The patch is here: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=10eec60ce79187686e052092e5383c99b4420a20
diff --git a/fs/ioctl.c b/fs/ioctl.c
index 116a333e9c773..0f56deb24ce65 100644
--- a/fs/ioctl.c
+++ b/fs/ioctl.c
@@ -590,6 +590,7 @@ static long ioctl_file_dedupe_range(struct file *file, void __user *arg)
goto out;
}
+ same->dest_count = count;
ret = vfs_dedupe_file_range(file, same);
if (ret)
goto out;
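Review bot: the added `same->dest_count = count;` immediately before `vfs_dedupe_file_range(file, same);` re-pins the count that the downstream code uses to the value saved earlier in `ioctl_file_dedupe_range`, so a second user-space write to `dest_count` between the two fetches no longer reaches the kernel's loop bound; this is the right shape for a double-fetch fix, but the line should carry a short comment saying why the field is reassigned (the struct was just re-copied from user space in full), because without it a later cleanup could reasonably drop what looks like a redundant store and silently reintroduce the TOCTTOU window.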