Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News
Sign In Sign Up

CVE-2022-48867

UNKNOWN
Published 2024-08-21T06:09:57.153Z
Actions:
No CVSS data available

Description

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Prevent use after free on completion memory

On driver unload any pending descriptors are flushed at the
time the interrupt is freed:
idxd_dmaengine_drv_remove() ->
drv_disable_wq() ->
idxd_wq_free_irq() ->
idxd_flush_pending_descs().

If there are any descriptors present that need to be flushed this
flow triggers a "not present" page fault as below:

BUG: unable to handle page fault for address: ff391c97c70c9040
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page

The address that triggers the fault is the address of the
descriptor that was freed moments earlier via:
drv_disable_wq()->idxd_wq_free_resources()

Fix the use after free by freeing the descriptors after any possible
usage. This is done after idxd_wq_reset() to ensure that the memory
remains accessible during possible completion writes by the device.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Linux

Affected Versions:

63c14ae6c161dec8ff3be49277edc75a769e054a 63c14ae6c161dec8ff3be49277edc75a769e054a
Linux

Linux

Affected Versions:

5.19 0 6.1.8 6.2

References

https://git.kernel.org/stable/c/b9e8e3fcfec625fc1c2f68f684448aeeb882625b
https://git.kernel.org/stable/c/1beeec45f9ac31eba52478379f70a5fa9c2ad005
Published: 2024-08-21T06:09:57.153Z
Last Modified: 2025-05-04T08:25:07.385Z
Copied to clipboard!