Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2022-48764
HistoryJun 20, 2024 - 11:13 a.m.

CVE-2022-48764 KVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2}

2024-06-2011:13:41
Linux
www.cve.org
2
kvm
x86
free
kvm_cpuid_entry2
post-kvm_run
kvm_set_cpuid
2
vulnerability
linux kernel
memory leak

0.0004 Low

EPSS

Percentile

9.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2}

Free the “struct kvm_cpuid_entry2” array on successful post-KVM_RUN
KVM_SET_CPUID{,2} to fix a memory leak, the callers of kvm_set_cpuid()
free the array only on failure.

BUG: memory leak
unreferenced object 0xffff88810963a800 (size 2048):
comm “syz-executor025”, pid 3610, jiffies 4294944928 (age 8.080s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 0d 00 00 00 …
47 65 6e 75 6e 74 65 6c 69 6e 65 49 00 00 00 00 GenuntelineI…
backtrace:
[<ffffffff814948ee>] kmalloc_node include/linux/slab.h:604 [inline]
[<ffffffff814948ee>] kvmalloc_node+0x3e/0x100 mm/util.c:580
[<ffffffff814950f2>] kvmalloc include/linux/slab.h:732 [inline]
[<ffffffff814950f2>] vmemdup_user+0x22/0x100 mm/util.c:199
[<ffffffff8109f5ff>] kvm_vcpu_ioctl_set_cpuid2+0x8f/0xf0 arch/x86/kvm/cpuid.c:423
[<ffffffff810711b9>] kvm_arch_vcpu_ioctl+0xb99/0x1e60 arch/x86/kvm/x86.c:5251
[<ffffffff8103e92d>] kvm_vcpu_ioctl+0x4ad/0x950 arch/x86/kvm/…/…/…/virt/kvm/kvm_main.c:4066
[<ffffffff815afacc>] vfs_ioctl fs/ioctl.c:51 [inline]
[<ffffffff815afacc>] __do_sys_ioctl fs/ioctl.c:874 [inline]
[<ffffffff815afacc>] __se_sys_ioctl fs/ioctl.c:860 [inline]
[<ffffffff815afacc>] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:860
[<ffffffff844a3335>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff844a3335>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "arch/x86/kvm/cpuid.c"
    ],
    "versions": [
      {
        "version": "24e7590c60aa",
        "lessThan": "b9ee734a14bb",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c6617c61e8fe",
        "lessThan": "811f95ff9527",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "arch/x86/kvm/cpuid.c"
    ],
    "versions": [
      {
        "version": "5.16.3",
        "lessThan": "5.16.5",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Related

redhatcve 1
vulnrichment 1
nvd 1
ubuntucve 1
debiancve 1
cve 1
redhatcve
redhatcve
CVE-2022-48764
2024-06-20 14:26:37
vulnrichment
vulnrichment
CVE-2022-48764 KVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2}
2024-06-20 11:13:41
nvd
nvd
CVE-2022-48764
2024-06-20 12:15:14
ubuntucve
ubuntucve
CVE-2022-48764
2024-06-20 00:00:00
debiancve
debiancve
CVE-2022-48764
2024-06-20 12:15:14
cve
cve
CVE-2022-48764
2024-06-20 12:15:14

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for CVELIST:CVE-2022-48764
redhatcve1vulnrichment1nvd1ubuntucve1debiancve1cve1