CVE-2022-49556
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49556
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49556.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49556
- Downstream
- Related
- Published
- 2025-02-26T02:14:03Z
- Modified
- 2025-10-21T10:50:06.005562Z
- Summary
- KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak
For some sev ioctl interfaces, the length parameter that is passed maybe less than or equal to SEVFWBLOBMAXSIZE, but larger than the data that PSP firmware returns. In this case, kmalloc will allocate memory that is the size of the input rather than the size of the data. Since PSP firmware doesn't fully overwrite the allocated buffer, these sev ioctl interface may return uninitialized kernel slab memory.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/401bef1f95de92c3a8c6eece46e02fa88d7285ee
- https://git.kernel.org/stable/c/57a01725339f9d82b099102ba2751621b1caab93
- https://git.kernel.org/stable/c/bbdcc644b59e01e98c68894a9fab42b9687f42b0
- https://git.kernel.org/stable/c/d22d2474e3953996f03528b84b7f52cc26a39403
- https://git.kernel.org/stable/c/d8fdb4b24097472ff6b3c0559448200d420b1418
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedeaf78265a4ab33935d3a0f1407ce4a91aac4d4d5Fixed401bef1f95de92c3a8c6eece46e02fa88d7285ee
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedeaf78265a4ab33935d3a0f1407ce4a91aac4d4d5Fixedd8fdb4b24097472ff6b3c0559448200d420b1418
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedeaf78265a4ab33935d3a0f1407ce4a91aac4d4d5Fixedbbdcc644b59e01e98c68894a9fab42b9687f42b0
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedeaf78265a4ab33935d3a0f1407ce4a91aac4d4d5Fixed57a01725339f9d82b099102ba2751621b1caab93
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedeaf78265a4ab33935d3a0f1407ce4a91aac4d4d5Fixedd22d2474e3953996f03528b84b7f52cc26a39403
Affected versions
v5.*
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.10.1
v5.10.10
v5.10.100
v5.10.101
v5.10.102
v5.10.103
v5.10.104
v5.10.105
v5.10.106
v5.10.107
v5.10.108
v5.10.109
v5.10.11
v5.10.110
v5.10.111
v5.10.112
v5.10.113
v5.10.114
v5.10.115
v5.10.116
v5.10.117
v5.10.118
v5.10.119
v5.10.12
v5.10.120
v5.10.121
v5.10.122
v5.10.123
v5.10.13
v5.10.14
v5.10.15
v5.10.16
v5.10.17
v5.10.18
v5.10.19
v5.10.2
v5.10.20
v5.10.21
v5.10.22
v5.10.23
v5.10.24
v5.10.25
v5.10.26
v5.10.27
v5.10.28
v5.10.29
v5.10.3
v5.10.30
v5.10.31
v5.10.32
v5.10.33
v5.10.34
v5.10.35
v5.10.36
v5.10.37
v5.10.38
v5.10.39
v5.10.4
v5.10.40
v5.10.41
v5.10.42
v5.10.43
v5.10.44
v5.10.45
v5.10.46
v5.10.47
v5.10.48
v5.10.49
v5.10.5
v5.10.50
v5.10.51
v5.10.52
v5.10.53
v5.10.54
v5.10.55
v5.10.56
v5.10.57
v5.10.58
v5.10.59
v5.10.6
v5.10.60
v5.10.61
v5.10.62
v5.10.63
v5.10.64
v5.10.65
v5.10.66
v5.10.67
v5.10.68
v5.10.69
v5.10.7
v5.10.70
v5.10.71
v5.10.72
v5.10.73
v5.10.74
v5.10.75
v5.10.76
v5.10.77
v5.10.78
v5.10.79
v5.10.8
v5.10.80
v5.10.81
v5.10.82
v5.10.83
v5.10.84
v5.10.85
v5.10.86
v5.10.87
v5.10.88
v5.10.89
v5.10.9
v5.10.90
v5.10.91
v5.10.92
v5.10.93
v5.10.94
v5.10.95
v5.10.96
v5.10.97
v5.10.98
v5.10.99
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.17.10
v5.17.11
v5.17.12
v5.17.2
v5.17.3
v5.17.4
v5.17.5
v5.17.6
v5.17.7
v5.17.8
v5.17.9
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
Database specific
vanir_signatures
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@57a01725339f9d82b099102ba2751621b1caab93",
"target": {
"function": "__sev_dbg_decrypt_user",
"file": "arch/x86/kvm/svm/sev.c"
},
"id": "CVE-2022-49556-08364904",
"signature_type": "Function",
"digest": {
"function_hash": "325553642690391476686904381151465277053",
"length": 617.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d22d2474e3953996f03528b84b7f52cc26a39403",
"target": {
"function": "__sev_dbg_decrypt_user",
"file": "arch/x86/kvm/svm/sev.c"
},
"id": "CVE-2022-49556-1376741a",
"signature_type": "Function",
"digest": {
"function_hash": "325553642690391476686904381151465277053",
"length": 617.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@401bef1f95de92c3a8c6eece46e02fa88d7285ee",
"target": {
"function": "__sev_dbg_decrypt_user",
"file": "arch/x86/kvm/svm/sev.c"
},
"id": "CVE-2022-49556-1b61c8b8",
"signature_type": "Function",
"digest": {
"function_hash": "127367559039518722202854099225282968225",
"length": 646.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d8fdb4b24097472ff6b3c0559448200d420b1418",
"target": {
"file": "arch/x86/kvm/svm/sev.c"
},
"id": "CVE-2022-49556-4758df80",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"301593091141085725522867326441497244526",
"84226526777935096499641184849992505510",
"270810830032187316424946074941740971260",
"270409947300602221003814122554023303589",
"8215244962627597590770202061770958182",
"208294351833411952062309394248392415929",
"114553288686536001904191828525196356019",
"321458554424280224484410648802889527824",
"301593091141085725522867326441497244526",
"84226526777935096499641184849992505510",
"270810830032187316424946074941740971260",
"270409947300602221003814122554023303589",
"335801199714531628277069677766535405747",
"94304711810066346105986392128917259367",
"71436295648949302713060830279302616643",
"107126571142153639763338874510521342101",
"111262797889503066855482504667650987441",
"271973218526533361465072372392028585529",
"247864165094874840627240814949472755083",
"242741217556998357215900475295071172491",
"179626619313761921687277055290185073564",
"124261348456224276103732151137783505777",
"24038551755954943558319800353685130637"
]
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bbdcc644b59e01e98c68894a9fab42b9687f42b0",
"target": {
"file": "arch/x86/kvm/svm/sev.c"
},
"id": "CVE-2022-49556-63fa2629",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"301593091141085725522867326441497244526",
"84226526777935096499641184849992505510",
"270810830032187316424946074941740971260",
"270409947300602221003814122554023303589",
"8215244962627597590770202061770958182",
"208294351833411952062309394248392415929",
"114553288686536001904191828525196356019",
"321458554424280224484410648802889527824",
"301593091141085725522867326441497244526",
"84226526777935096499641184849992505510",
"270810830032187316424946074941740971260",
"270409947300602221003814122554023303589",
"335801199714531628277069677766535405747",
"94304711810066346105986392128917259367",
"71436295648949302713060830279302616643",
"107126571142153639763338874510521342101",
"111262797889503066855482504667650987441",
"271973218526533361465072372392028585529",
"247864165094874840627240814949472755083",
"242741217556998357215900475295071172491",
"179626619313761921687277055290185073564",
"124261348456224276103732151137783505777",
"24038551755954943558319800353685130637"
]
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d22d2474e3953996f03528b84b7f52cc26a39403",
"target": {
"file": "arch/x86/kvm/svm/sev.c"
},
"id": "CVE-2022-49556-71489706",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"301593091141085725522867326441497244526",
"84226526777935096499641184849992505510",
"270810830032187316424946074941740971260",
"270409947300602221003814122554023303589",
"8215244962627597590770202061770958182",
"208294351833411952062309394248392415929",
"114553288686536001904191828525196356019",
"321458554424280224484410648802889527824",
"301593091141085725522867326441497244526",
"84226526777935096499641184849992505510",
"270810830032187316424946074941740971260",
"270409947300602221003814122554023303589",
"335801199714531628277069677766535405747",
"94304711810066346105986392128917259367",
"71436295648949302713060830279302616643",
"107126571142153639763338874510521342101",
"111262797889503066855482504667650987441",
"271973218526533361465072372392028585529",
"247864165094874840627240814949472755083",
"242741217556998357215900475295071172491",
"179626619313761921687277055290185073564",
"124261348456224276103732151137783505777",
"24038551755954943558319800353685130637"
]
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d8fdb4b24097472ff6b3c0559448200d420b1418",
"target": {
"function": "__sev_dbg_decrypt_user",
"file": "arch/x86/kvm/svm/sev.c"
},
"id": "CVE-2022-49556-c7aeb6c8",
"signature_type": "Function",
"digest": {
"function_hash": "325553642690391476686904381151465277053",
"length": 617.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bbdcc644b59e01e98c68894a9fab42b9687f42b0",
"target": {
"function": "__sev_dbg_decrypt_user",
"file": "arch/x86/kvm/svm/sev.c"
},
"id": "CVE-2022-49556-d917c9dc",
"signature_type": "Function",
"digest": {
"function_hash": "325553642690391476686904381151465277053",
"length": 617.0
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@57a01725339f9d82b099102ba2751621b1caab93",
"target": {
"file": "arch/x86/kvm/svm/sev.c"
},
"id": "CVE-2022-49556-e8bf8b4b",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"301593091141085725522867326441497244526",
"84226526777935096499641184849992505510",
"270810830032187316424946074941740971260",
"270409947300602221003814122554023303589",
"8215244962627597590770202061770958182",
"208294351833411952062309394248392415929",
"114553288686536001904191828525196356019",
"321458554424280224484410648802889527824",
"301593091141085725522867326441497244526",
"84226526777935096499641184849992505510",
"270810830032187316424946074941740971260",
"270409947300602221003814122554023303589",
"335801199714531628277069677766535405747",
"94304711810066346105986392128917259367",
"71436295648949302713060830279302616643",
"107126571142153639763338874510521342101",
"111262797889503066855482504667650987441",
"271973218526533361465072372392028585529",
"247864165094874840627240814949472755083",
"242741217556998357215900475295071172491",
"179626619313761921687277055290185073564",
"124261348456224276103732151137783505777",
"24038551755954943558319800353685130637"
]
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@401bef1f95de92c3a8c6eece46e02fa88d7285ee",
"target": {
"file": "arch/x86/kvm/svm/sev.c"
},
"id": "CVE-2022-49556-ebad7f74",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"107971916989092694560315584280626054677",
"175435853197531679921538668072338250701",
"283992836168814775200253651784155337115",
"257940386544347944319371739827218877186",
"8215244962627597590770202061770958182",
"208294351833411952062309394248392415929",
"114553288686536001904191828525196356019",
"321458554424280224484410648802889527824"
]
},
"deprecated": false,
"signature_version": "v1"
}
]