CVE-2022-48904

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-48904
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix I/O page table memory leak The current logic updates the I/O page table mode for the domain before calling the logic to free memory used for the page table. This results in IOMMU page table memory leak, and can be observed when launching VM w/ pass-through devices. Fix by freeing the memory used for page table before updating the mode.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/378e2fe1eb58d5c2ed55c8fe5e11f9db5033cdd6 Patch
https://git.kernel.org/stable/c/6b0b2d9a6a308bcd9300c2d83000a82812c56cea Patch
https://git.kernel.org/stable/c/c78627f757e37c2cf386b59c700c4e1574988597 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*
History

12 Sep 2024, 13:55

Type Values Removed Values Added
First Time Linux linux Kernel
Linux
References () https://git.kernel.org/stable/c/378e2fe1eb58d5c2ed55c8fe5e11f9db5033cdd6 - () https://git.kernel.org/stable/c/378e2fe1eb58d5c2ed55c8fe5e11f9db5033cdd6 - Patch
References () https://git.kernel.org/stable/c/6b0b2d9a6a308bcd9300c2d83000a82812c56cea - () https://git.kernel.org/stable/c/6b0b2d9a6a308bcd9300c2d83000a82812c56cea - Patch
References () https://git.kernel.org/stable/c/c78627f757e37c2cf386b59c700c4e1574988597 - () https://git.kernel.org/stable/c/c78627f757e37c2cf386b59c700c4e1574988597 - Patch
CPE cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CWE CWE-401

22 Aug 2024, 12:48

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: iommu/amd: corrige la pérdida de memoria de la tabla de páginas de E/S. La lógica actual actualiza el modo de tabla de páginas de E/S para el dominio antes de llamar a la lógica para liberar la memoria utilizada para la tabla de páginas. Esto da como resultado una pérdida de memoria en la tabla de páginas de IOMMU y se puede observar al iniciar VM con dispositivos de paso. Se soluciona liberando la memoria utilizada para la tabla de páginas antes de actualizar el modo.

22 Aug 2024, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-22 02:15

Updated : 2024-09-12 13:55

NVD link : CVE-2022-48904

Mitre link : CVE-2022-48904

CVE.ORG link : CVE-2022-48904

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-401

Missing Release of Memory after Effective Lifetime


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024