CVE-2022-50738

EUVD-2022-55823
In the Linux kernel, the following vulnerability has been resolved:

vhost-vdpa: fix an iotlb memory leak

Before commit 3d5698793897 ("vhost-vdpa: introduce asid based IOTLB")
we called vhost_vdpa_iotlb_unmap(v, iotlb, 0ULL, 0ULL - 1) during
release to free all the resources allocated when processing user IOTLB
messages through vhost_vdpa_process_iotlb_update().
That commit changed the handling of IOTLB a bit, and we accidentally
removed some code called during the release.

We partially fixed this with commit 037d4305569a ("vhost-vdpa: call
vhost_vdpa_cleanup during the release") but a potential memory leak is
still there as showed by kmemleak if the application does not send
VHOST_IOTLB_INVALIDATE or crashes:

  unreferenced object 0xffff888007fbaa30 (size 16):
    comm "blkio-bench", pid 914, jiffies 4294993521 (age 885.500s)
    hex dump (first 16 bytes):
      40 73 41 07 80 88 ff ff 00 00 00 00 00 00 00 00  @sA.............
    backtrace:
      [<0000000087736d2a>] kmem_cache_alloc_trace+0x142/0x1c0
      [<0000000060740f50>] vhost_vdpa_process_iotlb_msg+0x68c/0x901 [vhost_vdpa]
      [<0000000083e8e205>] vhost_chr_write_iter+0xc0/0x4a0 [vhost]
      [<000000008f2f414a>] vhost_vdpa_chr_write_iter+0x18/0x20 [vhost_vdpa]
      [<00000000de1cd4a0>] vfs_write+0x216/0x4b0
      [<00000000a2850200>] ksys_write+0x71/0xf0
      [<00000000de8e720b>] __x64_sys_write+0x19/0x20
      [<0000000018b12cbb>] do_syscall_64+0x3f/0x90
      [<00000000986ec465>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

Let's fix this calling vhost_vdpa_iotlb_unmap() on the whole range in
vhost_vdpa_remove_as(). We move that call before vhost_dev_cleanup()
since we need a valid v->vdev.mm in vhost_vdpa_pa_unmap().
vhost_iotlb_reset() call can be removed, since vhost_vdpa_iotlb_unmap()
on the whole range removes all the entries.

The kmemleak log reported was observed with a vDPA device that has `use_va`
set to true (e.g. VDUSE). This patch has been tested with both types of
devices.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.158-1
fixed
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.247-1
fixed
forky
6.17.12-1
fixed
sid
6.17.13-1
fixed
trixie
6.12.57-1
fixed
trixie (security)
6.12.48-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
trusty
needs-triage
xenial
needs-triage
linux-hwe
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
xenial
needs-triage
linux-hwe-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-hwe-5.8
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-hwe-5.11
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-hwe-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-hwe-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-hwe-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-hwe-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-hwe-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-hwe-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-hwe-6.11
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-hwe-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-hwe-edge
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
xenial
ignored
linux-lts-xenial
jammy
dne
noble
dne
plucky
dne
questing
dne
trusty
needs-triage
linux-kvm
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
xenial
needs-triage
linux-allwinner-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-aws
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
trusty
needs-triage
xenial
needs-triage
linux-aws-5.0
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.3
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.8
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.11
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-aws-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-aws-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-aws-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-aws-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-aws-hwe
jammy
dne
noble
dne
plucky
dne
questing
dne
xenial
needs-triage
linux-azure
bionic
ignored
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
trusty
needs-triage
xenial
needs-triage
linux-azure-4.15
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-5.3
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-5.8
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-5.11
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-azure-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-azure-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-azure-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-azure-6.11
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-azure-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-azure-fde
focal
ignored
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
dne
linux-azure-fde-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-fde-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-azure-fde-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-azure-fde-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-azure-fde-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-azure-nvidia
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-azure-nvidia-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-bluefield
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-edge
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-fips
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
xenial
needs-triage
linux-aws-fips
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-azure-fips
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-gcp-fips
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-gcp
bionic
ignored
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
xenial
needs-triage
linux-gcp-4.15
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.3
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.8
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.11
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-gcp-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-gcp-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-gcp-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-gcp-6.11
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-gcp-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-gke
focal
ignored
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-gke-4.15
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gke-5.4
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gke-5.15
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gkeop
focal
ignored
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-gkeop-5.4
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gkeop-5.15
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-ibm
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-ibm-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-ibm-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-ibm-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-intel-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-intel-iotg
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-intel-iotg-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-iot
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-intel-iot-realtime
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-lowlatency
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-lowlatency-hwe-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-lowlatency-hwe-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-lowlatency-hwe-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-lowlatency-hwe-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-lowlatency-hwe-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-lowlatency-hwe-6.11
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-nvidia
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-nvidia-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-nvidia-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-nvidia-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-nvidia-6.11
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-nvidia-lowlatency
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-nvidia-tegra
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-nvidia-tegra-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-nvidia-tegra-igx
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-oracle
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
xenial
needs-triage
linux-oracle-5.0
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-5.3
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-5.8
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-5.11
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-oracle-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-oracle-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-oem
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oem-5.6
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oem-5.10
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oem-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oem-5.14
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oem-5.17
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-oem-6.0
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-oem-6.1
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-oem-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-oem-6.8
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-oem-6.11
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-oem-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-oem-6.17
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-raspi
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
linux-raspi2
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-raspi-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-raspi-realtime
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-realtime
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
linux-realtime-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-realtime-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-riscv
focal
ignored
jammy
ignored
noble
ignored
plucky
needs-triage
questing
needs-triage
linux-riscv-5.8
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-riscv-5.11
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-riscv-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-riscv-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-riscv-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-riscv-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-riscv-6.14
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-starfive-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-starfive-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-starfive-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-xilinx
jammy
dne
noble
needs-triage
plucky
needs-triage
questing
dne
linux-xilinx-zynqmp
focal
needs-triage
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/4e92cb33bfb51eee5f28bb10846c46f266a4bb67
https://git.kernel.org/stable/c/a2907867e2c86067accd2f011d6f23ee5533aa6c
https://git.kernel.org/stable/c/c070c1912a83432530cbb4271d5b9b11fa36b67a