admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2022/49xxx/CVE-2022-49219.json
CVE Team 5e803aff1b
"-Synchronized-Data."
2025-05-02 07:00:40 +00:00

135 lines
7.4 KiB
JSON
Raw Blame History

{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-49219",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: fix memory leak during D3hot to D0 transition\n\nIf 'vfio_pci_core_device::needs_pm_restore' is set (PCI device does\nnot have No_Soft_Reset bit set in its PMCSR config register), then\nthe current PCI state will be saved locally in\n'vfio_pci_core_device::pm_save' during D0->D3hot transition and same\nwill be restored back during D3hot->D0 transition.\nFor saving the PCI state locally, pci_store_saved_state() is being\nused and the pci_load_and_free_saved_state() will free the allocated\nmemory.\n\nBut for reset related IOCTLs, vfio driver calls PCI reset-related\nAPI's which will internally change the PCI power state back to D0. So,\nwhen the guest resumes, then it will get the current state as D0 and it\nwill skip the call to vfio_pci_set_power_state() for changing the\npower state to D0 explicitly. In this case, the memory pointed by\n'pm_save' will never be freed. In a malicious sequence, the state changing\nto D3hot followed by VFIO_DEVICE_RESET/VFIO_DEVICE_PCI_HOT_RESET can be\nrun in a loop and it can cause an OOM situation.\n\nThis patch frees the earlier allocated memory first before overwriting\n'pm_save' to prevent the mentioned memory leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "51ef3a004b1eb6241e56b3aa8495769a092a4dc2",
"version_value": "da426ad86027b849b877d4628b277ffbbd2f5325"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.1",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.1",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.237",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.33",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.16.19",
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.17.2",
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.18",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/da426ad86027b849b877d4628b277ffbbd2f5325",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/da426ad86027b849b877d4628b277ffbbd2f5325"
},
{
"url": "https://git.kernel.org/stable/c/4319f17fb8264ba39352b611dfa913a4d8c1d1a0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4319f17fb8264ba39352b611dfa913a4d8c1d1a0"
},
{
"url": "https://git.kernel.org/stable/c/26ddd196e9eb264da8e1bdc4df8a94d62581c8b5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/26ddd196e9eb264da8e1bdc4df8a94d62581c8b5"
},
{
"url": "https://git.kernel.org/stable/c/c8a1f8bd586ee31020614b8d48b702ece3e2ae44",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c8a1f8bd586ee31020614b8d48b702ece3e2ae44"
},
{
"url": "https://git.kernel.org/stable/c/eadf88ecf6ac7d6a9f47a76c6055d9a1987a8991",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/eadf88ecf6ac7d6a9f47a76c6055d9a1987a8991"
}
]
},
"generator": {
"engine": "bippy-1.1.0"
}
}
Reference in New Issue View Git Blame Copy Permalink