-

CVE-2022-50058

In the Linux kernel, the following vulnerability has been resolved:

vdpa_sim_blk: set number of address spaces and virtqueue groups

Commit bda324fd037a ("vdpasim: control virtqueue support") added two
new fields (nas, ngroups) to vdpasim_dev_attr, but we forgot to
initialize them for vdpa_sim_blk.

When creating a new vdpa_sim_blk device this causes the kernel
to panic in this way:
    $ vdpa dev add mgmtdev vdpasim_blk name blk0
    BUG: kernel NULL pointer dereference, address: 0000000000000030
    ...
    RIP: 0010:vhost_iotlb_add_range_ctx+0x41/0x220 [vhost_iotlb]
    ...
    Call Trace:
     <TASK>
     vhost_iotlb_add_range+0x11/0x800 [vhost_iotlb]
     vdpasim_map_range+0x91/0xd0 [vdpa_sim]
     vdpasim_alloc_coherent+0x56/0x90 [vdpa_sim]
     ...

This happens because vdpasim->iommu[0] is not initialized when
dev_attr.nas is 0.

Let's fix this issue by initializing both (nas, ngroups) to 1 for
vdpa_sim_blk.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < a291c7d289fac2cb13fb2614a9a251afbbd86ce9
Version bda324fd037a6b0d44da5699574ce741ca161bc4
Status affected
Version < 19cd4a5471b8eaa4bd161b0fdb4567f2fc88d809
Version bda324fd037a6b0d44da5699574ce741ca161bc4
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.19
Status affected
Version < 5.19
Version 0
Status unaffected
Version <= 5.19.*
Version 5.19.4
Status unaffected
Version <= *
Version 6.0
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.059
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String