CVE-2022-48700

May 3, 2024, 4:15 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: vfio/type1: Unpin zero pages There's currently a reference count leak on the zero page. We increment the reference via pin_user_pages_remote(), but the page is later handled as an invalid/reserved page, therefore it's not accounted against the user and not unpinned by our put_pfn(). Introducing special zero page handling in put_pfn() would resolve the leak, but without accounting of the zero page, a single user could still create enough mappings to generate a reference count overflow. The zero page is always resident, so for our purposes there's no reason to keep it pinned. Therefore, add a loop to walk pages returned from pin_user_pages_remote() and unpin any zero pages.

Product(s) Impacted

Product Versions
Linux kernel

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/5321908ef74fb593e0dbc8737d25038fc86c9986
https://git.kernel.org/stable/c/578d644edc7d2c1ff53f7e4d0a25da473deb4a03
https://git.kernel.org/stable/c/5d721bf222936f5cf3ee15ced53cc483ecef7e46
https://git.kernel.org/stable/c/873aefb376bbc0ed1dd2381ea1d6ec88106fdbd4

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-05-03
CVE-2022-48700

Timeline

Published: May 3, 2024, 4:15 p.m.
Last Modified: May 3, 2024, 4:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.