5.5

CVE-2022-48904

EPSS 0.03%
Published 22.08.2024 02:15:04
Last modified 12.09.2024 13:55:34
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

iommu/amd: Fix I/O page table memory leak

The current logic updates the I/O page table mode for the domain
before calling the logic to free memory used for the page table.
This results in IOMMU page table memory leak, and can be observed
when launching VM w/ pass-through devices.

Fix by freeing the memory used for page table before updating the mode.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.12 < 5.15.27

Linux ≫ Linux Kernel Version >= 5.16 < 5.16.13

Linux ≫ Linux Kernel Version5.17 Updaterc1

Linux ≫ Linux Kernel Version5.17 Updaterc2

Linux ≫ Linux Kernel Version5.17 Updaterc3

Linux ≫ Linux Kernel Version5.17 Updaterc4

Linux ≫ Linux Kernel Version5.17 Updaterc5

Linux ≫ Linux Kernel Version5.17 Updaterc6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.065

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

https://git.kernel.org/stable/c/378e2fe1eb58d5c2ed55c8fe5e11f9db5033cdd6

Patch

https://git.kernel.org/stable/c/6b0b2d9a6a308bcd9300c2d83000a82812c56cea

Patch

https://git.kernel.org/stable/c/c78627f757e37c2cf386b59c700c4e1574988597

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-48904

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-48904

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-48904

EUVD