cve-2022-48690
Vulnerability from cvelistv5
Published
2024-05-03 17:44
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
ice: Fix DMA mappings leak
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:39:48.743720Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:44:28.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07f40e9f0ff342eb3e97d5c544783b7cb641689c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e753eb675f0523207b184558638ee2eed6c9ac2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_base.c",
"drivers/net/ethernet/intel/ice/ice_main.c",
"drivers/net/ethernet/intel/ice/ice_xsk.c",
"drivers/net/ethernet/intel/ice/ice_xsk.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "07f40e9f0ff3",
"status": "affected",
"version": "617f3e1b588c",
"versionType": "git"
},
{
"lessThan": "7e753eb675f0",
"status": "affected",
"version": "617f3e1b588c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_base.c",
"drivers/net/ethernet/intel/ice/ice_main.c",
"drivers/net/ethernet/intel/ice/ice_xsk.c",
"drivers/net/ethernet/intel/ice/ice_xsk.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix DMA mappings leak\n\nFix leak, when user changes ring parameters.\nDuring reallocation of RX buffers, new DMA mappings are created for\nthose buffers. New buffers with different RX ring count should\nsubstitute older ones, but those buffers were freed in ice_vsi_cfg_rxq\nand reallocated again with ice_alloc_rx_buf. kfree on rx_buf caused\nleak of already mapped DMA.\nReallocate ZC with xdp_buf struct, when BPF program loads. Reallocate\nback to rx_buf, when BPF program unloads.\nIf BPF program is loaded/unloaded and XSK pools are created, reallocate\nRX queues accordingly in XDP_SETUP_XSK_POOL handler.\n\nSteps for reproduction:\nwhile :\ndo\n\tfor ((i=0; i\u003c=8160; i=i+32))\n\tdo\n\t\tethtool -G enp130s0f0 rx $i tx $i\n\t\tsleep 0.5\n\t\tethtool -g enp130s0f0\n\tdone\ndone"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:24.669Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/07f40e9f0ff342eb3e97d5c544783b7cb641689c"
},
{
"url": "https://git.kernel.org/stable/c/7e753eb675f0523207b184558638ee2eed6c9ac2"
}
],
"title": "ice: Fix DMA mappings leak",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48690",
"datePublished": "2024-05-03T17:44:31.180Z",
"dateReserved": "2024-05-03T14:55:07.144Z",
"dateUpdated": "2024-08-03T15:17:55.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-48690\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-03T18:15:08.167\",\"lastModified\":\"2024-05-06T12:44:56.377\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nice: Fix DMA mappings leak\\n\\nFix leak, when user changes ring parameters.\\nDuring reallocation of RX buffers, new DMA mappings are created for\\nthose buffers. New buffers with different RX ring count should\\nsubstitute older ones, but those buffers were freed in ice_vsi_cfg_rxq\\nand reallocated again with ice_alloc_rx_buf. kfree on rx_buf caused\\nleak of already mapped DMA.\\nReallocate ZC with xdp_buf struct, when BPF program loads. Reallocate\\nback to rx_buf, when BPF program unloads.\\nIf BPF program is loaded/unloaded and XSK pools are created, reallocate\\nRX queues accordingly in XDP_SETUP_XSK_POOL handler.\\n\\nSteps for reproduction:\\nwhile :\\ndo\\n\\tfor ((i=0; i\u003c=8160; i=i+32))\\n\\tdo\\n\\t\\tethtool -G enp130s0f0 rx $i tx $i\\n\\t\\tsleep 0.5\\n\\t\\tethtool -g enp130s0f0\\n\\tdone\\ndone\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: Reparar fuga de asignaciones DMA. Reparar fuga cuando el usuario cambia los par\u00e1metros del anillo. Durante la reasignaci\u00f3n de b\u00faferes RX, se crean nuevas asignaciones DMA para esos b\u00faferes. Los nuevos b\u00faferes con diferente n\u00famero de anillos RX deber\u00edan sustituir a los m\u00e1s antiguos, pero esos b\u00faferes se liberaron en ice_vsi_cfg_rxq y se reasignaron nuevamente con ice_alloc_rx_buf. kfree en rx_buf provoc\u00f3 una fuga de DMA ya mapeado. Reasigne ZC con la estructura xdp_buf, cuando se cargue el programa BPF. Reasigne nuevamente a rx_buf, cuando se descargue el programa BPF. Si se carga/descarga el programa BPF y se crean grupos XSK, reasigne las colas RX en consecuencia en el controlador XDP_SETUP_XSK_POOL. Pasos para la reproducci\u00f3n: while: do for ((i=0; i\u0026lt;=8160; i=i+32)) do ethtool -G enp130s0f0 rx $i tx $i sleep 0.5 ethtool -g enp130s0f0 done done\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/07f40e9f0ff342eb3e97d5c544783b7cb641689c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7e753eb675f0523207b184558638ee2eed6c9ac2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.