CVE-2022-48724

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() After commit e3beca48a45b ("irqdomain/treewide: Keep firmware node unconditionally allocated"). For tear down scenario, fn is only freed after fail to allocate ir_domain, though it also should be freed in case dmar_enable_qi returns error. Besides free fn, irq_domain and ir_msi_domain need to be removed as well if intel_setup_irq_remapping fails to enable queued invalidation. Improve the rewinding path by add out_free_ir_domain and out_free_fwnode lables per Baolu's suggestion.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/336d096b62bdc673e852b6b80d5072d7888ce85d	Patch
https://git.kernel.org/stable/c/5c43d46daa0d2928234dd2792ebebc35d29ee2d1	Patch
https://git.kernel.org/stable/c/99e675d473eb8cf2deac1376a0f840222fc1adcf	Patch
https://git.kernel.org/stable/c/9d9995b0371e4e8c18d4f955479e5d47efe7b2d4	Patch
https://git.kernel.org/stable/c/a0c685ba99961b1dd894b2e470e692a539770f6d	Patch
https://git.kernel.org/stable/c/a31cb1f0fb6caf46ffe88c41252b6b7a4ee062d9	Patch
https://git.kernel.org/stable/c/b62eceb5f8f08815fe3f945fc55bbf997c344ecd	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc2::::::

History

18 Sep 2024, 16:19

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/336d096b62bdc673e852b6b80d5072d7888ce85d -~~	() https://git.kernel.org/stable/c/336d096b62bdc673e852b6b80d5072d7888ce85d - Patch
References	~~() https://git.kernel.org/stable/c/5c43d46daa0d2928234dd2792ebebc35d29ee2d1 -~~	() https://git.kernel.org/stable/c/5c43d46daa0d2928234dd2792ebebc35d29ee2d1 - Patch
References	~~() https://git.kernel.org/stable/c/99e675d473eb8cf2deac1376a0f840222fc1adcf -~~	() https://git.kernel.org/stable/c/99e675d473eb8cf2deac1376a0f840222fc1adcf - Patch
References	~~() https://git.kernel.org/stable/c/9d9995b0371e4e8c18d4f955479e5d47efe7b2d4 -~~	() https://git.kernel.org/stable/c/9d9995b0371e4e8c18d4f955479e5d47efe7b2d4 - Patch
References	~~() https://git.kernel.org/stable/c/a0c685ba99961b1dd894b2e470e692a539770f6d -~~	() https://git.kernel.org/stable/c/a0c685ba99961b1dd894b2e470e692a539770f6d - Patch
References	~~() https://git.kernel.org/stable/c/a31cb1f0fb6caf46ffe88c41252b6b7a4ee062d9 -~~	() https://git.kernel.org/stable/c/a31cb1f0fb6caf46ffe88c41252b6b7a4ee062d9 - Patch
References	~~() https://git.kernel.org/stable/c/b62eceb5f8f08815fe3f945fc55bbf997c344ecd -~~	() https://git.kernel.org/stable/c/b62eceb5f8f08815fe3f945fc55bbf997c344ecd - Patch
CWE		CWE-401
CPE		cpe:2.3:o:linux:linux_kernel:5.17:rc2:::::: cpe:2.3:o:linux:linux_kernel:5.17:rc1:::::: cpe:2.3:o:linux:linux_kernel::::::::
First Time		Linux Linux linux Kernel
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/vt-d: soluciona una posible pérdida de memoria en intel_setup_irq_remapping() después del commit e3beca48a45b ("irqdomain/treewide: mantiene el nodo de firmware asignado incondicionalmente"). Para el escenario de desmontaje, fn solo se libera después de que no se puede asignar ir_domain, aunque también debe liberarse en caso de que dmar_enable_qi devuelva un error. Además de free fn, irq_domain e ir_msi_domain también deben eliminarse si intel_setup_irq_remapping no logra habilitar la invalidación en cola. Mejore la ruta de rebobinado agregando las etiquetas out_free_ir_domain y out_free_fwnode según la sugerencia de Baolu.

20 Jun 2024, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-20 12:15

Updated : 2024-09-18 16:19

NVD link : CVE-2022-48724

Mitre link : CVE-2022-48724

CVE.ORG link : CVE-2022-48724

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10