admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-487xx/CVE-2022-48700.json
cad-safe-bot 9d8babeec3 Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00

37 lines
2.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-48700",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-03T16:15:08.500",
"lastModified": "2024-05-06T12:44:56.377",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/type1: Unpin zero pages\n\nThere's currently a reference count leak on the zero page. We increment\nthe reference via pin_user_pages_remote(), but the page is later handled\nas an invalid/reserved page, therefore it's not accounted against the\nuser and not unpinned by our put_pfn().\n\nIntroducing special zero page handling in put_pfn() would resolve the\nleak, but without accounting of the zero page, a single user could\nstill create enough mappings to generate a reference count overflow.\n\nThe zero page is always resident, so for our purposes there's no reason\nto keep it pinned. Therefore, add a loop to walk pages returned from\npin_user_pages_remote() and unpin any zero pages."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: vfio/type1: Desanclar p\u00e1ginas cero Actualmente hay una p\u00e9rdida de recuento de referencias en la p\u00e1gina cero. Incrementamos la referencia a trav\u00e9s de pin_user_pages_remote(), pero la p\u00e1gina luego se maneja como una p\u00e1gina no v\u00e1lida/reservada, por lo tanto, no se contabiliza contra el usuario y nuestro put_pfn() no la desancla. Introducir un manejo especial de la p\u00e1gina cero en put_pfn() resolver\u00eda la fuga, pero sin tener en cuenta la p\u00e1gina cero, un solo usuario a\u00fan podr\u00eda crear suficientes asignaciones para generar un desbordamiento del recuento de referencias. La p\u00e1gina cero siempre es residente, por lo que para nuestros prop\u00f3sitos no hay motivo para mantenerla fijada. Por lo tanto, agregue un bucle para recorrer las p\u00e1ginas devueltas desde pin_user_pages_remote() y desanclar las p\u00e1ginas cero."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5321908ef74fb593e0dbc8737d25038fc86c9986",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/578d644edc7d2c1ff53f7e4d0a25da473deb4a03",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5d721bf222936f5cf3ee15ced53cc483ecef7e46",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/873aefb376bbc0ed1dd2381ea1d6ec88106fdbd4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
Reference in New Issue View Git Blame Copy Permalink