Vulnerabilities > CVE-2022-48890 - Memory Leak vulnerability in Linux Kernel

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

linux

CWE-401

NVD

Published: 2024-08-21

Updated: 2024-09-06

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM storvsc_queuecommand() maps the scatter/gather list using scsi_dma_map(), which in a confidential VM allocates swiotlb bounce buffers. If the I/O submission fails in storvsc_do_io(), the I/O is typically retried by higher level code, but the bounce buffer memory is never freed. The mostly like cause of I/O submission failure is a full VMBus channel ring buffer, which is not uncommon under high I/O loads. Eventually enough bounce buffer memory leaks that the confidential VM can't do any I/O. The same problem can arise in a non-confidential VM with kernel boot parameter swiotlb=force. Fix this by doing scsi_dma_unmap() in the case of an I/O submission error, which frees the bounce buffer memory.

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 6.2 Linux Linux Kernel 5.17 Linux Linux Kernel 5.17.1 Linux Linux Kernel 5.17.2 Linux Linux Kernel 5.17.3 Linux Linux Kernel 5.17.4 Linux Linux Kernel 5.17.5 Linux Linux Kernel 5.17.6 Linux Linux Kernel 5.17.7 Linux Linux Kernel 5.17.8 Linux Linux Kernel 5.17.9 Linux Linux Kernel 5.17.10 Linux Linux Kernel 5.17.11 Linux Linux Kernel 5.17.12 Linux Linux Kernel 5.17.13 Linux Linux Kernel 5.17.14 Linux Linux Kernel 5.17.15 Linux Linux Kernel 5.18 Linux Linux Kernel 5.18.1 Linux Linux Kernel 5.18.2 Linux Linux Kernel 5.18.3 Linux Linux Kernel 5.18.4 Linux Linux Kernel 5.18.5 Linux Linux Kernel 5.18.6 Linux Linux Kernel 5.18.7 Linux Linux Kernel 5.18.8 Linux Linux Kernel 5.18.9 Linux Linux Kernel 5.18.10 Linux Linux Kernel 5.18.11 Linux Linux Kernel 5.18.12 Linux Linux Kernel 5.18.13 Linux Linux Kernel 5.18.14 Linux Linux Kernel 5.18.15 Linux Linux Kernel 5.18.16 Linux Linux Kernel 5.18.17 Linux Linux Kernel 5.18.18 Linux Linux Kernel 5.18.19 Linux Linux Kernel 5.19 Linux Linux Kernel 5.19.1 Linux Linux Kernel 5.19.2 Linux Linux Kernel 5.19.3 Linux Linux Kernel 5.19.4 Linux Linux Kernel 5.19.5 Linux Linux Kernel 5.19.6 Linux Linux Kernel 5.19.7 Linux Linux Kernel 5.19.8 Linux Linux Kernel 5.19.9 Linux Linux Kernel 5.19.10 Linux Linux Kernel 5.19.11 Linux Linux Kernel 5.19.12 Linux Linux Kernel 5.19.13 Linux Linux Kernel 5.19.14 Linux Linux Kernel 5.19.15 Linux Linux Kernel 5.19.16 Linux Linux Kernel 5.19.17 Linux Linux Kernel 6.0 Linux Linux Kernel 6.0.1 Linux Linux Kernel 6.0.2 Linux Linux Kernel 6.0.3 Linux Linux Kernel 6.0.4 Linux Linux Kernel 6.0.5 Linux Linux Kernel 6.0.6 Linux Linux Kernel 6.0.7 Linux Linux Kernel 6.0.8 Linux Linux Kernel 6.0.9 Linux Linux Kernel 6.0.10 Linux Linux Kernel 6.0.11 Linux Linux Kernel 6.0.12 Linux Linux Kernel 6.0.13 Linux Linux Kernel 6.0.14 Linux Linux Kernel 6.0.15 Linux Linux Kernel 6.0.16 Linux Linux Kernel 6.0.17 Linux Linux Kernel 6.0.18 Linux Linux Kernel 6.0.19 Linux Linux Kernel 6.1 Linux Linux Kernel 6.1.1 Linux Linux Kernel 6.1.2 Linux Linux Kernel 6.1.3 Linux Linux Kernel 6.1.4 Linux Linux Kernel 6.1.5 Linux Linux Kernel 6.1.6	123

Common Weakness Enumeration (CWE)

CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References