CVE-2022-48904

iommu/amd: Fix I/O page table memory leak

Description

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix I/O page table memory leak The current logic updates the I/O page table mode for the domain before calling the logic to free memory used for the page table. This results in IOMMU page table memory leak, and can be observed when launching VM w/ pass-through devices. Fix by freeing the memory used for page table before updating the mode.

References

Link	Tags
https://git.kernel.org/stable/c/378e2fe1eb58d5c2ed55c8fe5e11f9db5033cdd6	patch
https://git.kernel.org/stable/c/c78627f757e37c2cf386b59c700c4e1574988597	patch
https://git.kernel.org/stable/c/6b0b2d9a6a308bcd9300c2d83000a82812c56cea	patch

Frequently Asked Questions

What is the severity of CVE-2022-48904?: CVE-2022-48904 has been scored as a medium severity vulnerability.
How to fix CVE-2022-48904?: To fix CVE-2022-48904, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-48904 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-48904 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-48904?: CVE-2022-48904 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-401 – Missing Release of Memory after Effective Lifetime

References

Frequently Asked Questions