In the Linux kernel, the following vulnerability has been resolved:
scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM
storvsc_queuecommand() maps the scatter/gather list using scsi_dma_map(),
which in a confidential VM allocates swiotlb bounce buffers. If the I/O
submission fails in storvsc_do_io(), the I/O is typically retried by higher
level code, but the bounce buffer memory is never freed. The mostly like
cause of I/O submission failure is a full VMBus channel ring buffer, which
is not uncommon under high I/O loads. Eventually enough bounce buffer
memory leaks that the confidential VM can't do any I/O. The same problem
can arise in a non-confidential VM with kernel boot parameter
swiotlb=force.
Fix this by doing scsi_dma_unmap() in the case of an I/O submission
error, which frees the bounce buffer memory.
References
Configurations
Configuration 1 (hide)
|
History
06 Sep 2024, 15:11
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-401 | |
CPE | cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:* |
|
References | () https://git.kernel.org/stable/c/67ff3d0a49f3d445c3922e30a54e03c161da561e - Patch | |
References | () https://git.kernel.org/stable/c/87c71e88f6a6619ffb1ff88f84dff48ef6d57adb - Patch | |
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
First Time |
Linux linux Kernel
Linux |
21 Aug 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-21 07:15
Updated : 2024-09-06 15:11
NVD link : CVE-2022-48890
Mitre link : CVE-2022-48890
CVE.ORG link : CVE-2022-48890
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-401
Missing Release of Memory after Effective Lifetime