VYPR
High severity7.8NVD Advisory· Published Aug 21, 2024· Updated Jun 17, 2026

CVE-2022-48867

CVE-2022-48867

Description

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Prevent use after free on completion memory

On driver unload any pending descriptors are flushed at the time the interrupt is freed: idxd_dmaengine_drv_remove() -> drv_disable_wq() -> idxd_wq_free_irq() -> idxd_flush_pending_descs().

If there are any descriptors present that need to be flushed this flow triggers a "not present" page fault as below:

BUG: unable to handle page fault for address: ff391c97c70c9040 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page

The address that triggers the fault is the address of the descriptor that was freed moments earlier via: drv_disable_wq()->idxd_wq_free_resources()

Fix the use after free by freeing the descriptors after any possible usage. This is done after idxd_wq_reset() to ensure that the memory remains accessible during possible completion writes by the device.

Affected products

2
  • Linux/Kernelllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 5.19

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.