scsi:storvsc:修复机密虚拟机中的 swiotlb 反弹缓冲区泄漏(CVE-2022-48890)

admin 2024-08-23 00:26:24 Ali_nvd 来源:ZONE.CI 全球网 0 阅读模式
scsi:storvsc:修复机密虚拟机中的 swiotlb 反弹缓冲区泄漏(CVE-2022-48890)

CVE编号

CVE-2022-48890

利用情况

暂无

补丁情况

N/A

披露时间

2024-08-21
漏洞描述
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM storvsc_queuecommand() maps the scatter/gather list using scsi_dma_map(), which in a confidential VM allocates swiotlb bounce buffers. If the I/O submission fails in storvsc_do_io(), the I/O is typically retried by higher level code, but the bounce buffer memory is never freed. The mostly like cause of I/O submission failure is a full VMBus channel ring buffer, which is not uncommon under high I/O loads. Eventually enough bounce buffer memory leaks that the confidential VM can't do any I/O. The same problem can arise in a non-confidential VM with kernel boot parameter swiotlb=force. Fix this by doing scsi_dma_unmap() in the case of an I/O submission error, which frees the bounce buffer memory.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
https://git.kernel.org/stable/c/67ff3d0a49f3d445c3922e30a54e03c161da561e
https://git.kernel.org/stable/c/87c71e88f6a6619ffb1ff88f84dff48ef6d57adb
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
系统 debian_11 linux * Up to (excluding) 5.10.223-1
运行在以下环境
系统 debian_12 linux * Up to (excluding) 6.1.7-1
CVSS3评分 N/A
  • 攻击路径 N/A
  • 攻击复杂度 N/A
  • 权限要求 N/A
  • 影响范围 N/A
  • 用户交互 N/A
  • 可用性 N/A
  • 保密性 N/A
  • 完整性 N/A
N/A
CWE-ID 漏洞类型
- avd.aliyun.com
weinxin
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论:0   参与:  0