Loading HuntDB...

CVE-2022-48867

UNKNOWN
Published 2024-08-21T06:09:57.153Z
Actions:
No CVSS data available

Description

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Prevent use after free on completion memory

On driver unload any pending descriptors are flushed at the
time the interrupt is freed:
idxd_dmaengine_drv_remove() ->
drv_disable_wq() ->
idxd_wq_free_irq() ->
idxd_flush_pending_descs().

If there are any descriptors present that need to be flushed this
flow triggers a "not present" page fault as below:

BUG: unable to handle page fault for address: ff391c97c70c9040
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page

The address that triggers the fault is the address of the
descriptor that was freed moments earlier via:
drv_disable_wq()->idxd_wq_free_resources()

Fix the use after free by freeing the descriptors after any possible
usage. This is done after idxd_wq_reset() to ensure that the memory
remains accessible during possible completion writes by the device.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

References

Published: 2024-08-21T06:09:57.153Z
Last Modified: 2025-05-04T08:25:07.385Z
Copied to clipboard!