CVE-2022-48700
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-48700
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48700.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-48700
- Related
- Published
- 2024-05-03T16:15:08Z
- Modified
- 2024-09-18T03:18:06.899470Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
vfio/type1: Unpin zero pages
There's currently a reference count leak on the zero page. We increment the reference via pinuserpagesremote(), but the page is later handled as an invalid/reserved page, therefore it's not accounted against the user and not unpinned by our putpfn().
Introducing special zero page handling in put_pfn() would resolve the leak, but without accounting of the zero page, a single user could still create enough mappings to generate a reference count overflow.
The zero page is always resident, so for our purposes there's no reason to keep it pinned. Therefore, add a loop to walk pages returned from pinuserpages_remote() and unpin any zero pages.
- References
-
- https://git.kernel.org/stable/c/5321908ef74fb593e0dbc8737d25038fc86c9986
- https://git.kernel.org/stable/c/578d644edc7d2c1ff53f7e4d0a25da473deb4a03
- https://git.kernel.org/stable/c/5d721bf222936f5cf3ee15ced53cc483ecef7e46
- https://git.kernel.org/stable/c/873aefb376bbc0ed1dd2381ea1d6ec88106fdbd4
- https://security-tracker.debian.org/tracker/CVE-2022-48700
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.148-1
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source