Количество 10
Количество 10
CVE-2022-48700
In the Linux kernel, the following vulnerability has been resolved: vfio/type1: Unpin zero pages There's currently a reference count leak on the zero page. We increment the reference via pin_user_pages_remote(), but the page is later handled as an invalid/reserved page, therefore it's not accounted against the user and not unpinned by our put_pfn(). Introducing special zero page handling in put_pfn() would resolve the leak, but without accounting of the zero page, a single user could still create enough mappings to generate a reference count overflow. The zero page is always resident, so for our purposes there's no reason to keep it pinned. Therefore, add a loop to walk pages returned from pin_user_pages_remote() and unpin any zero pages.
CVE-2022-48700
[REJECTED CVE] A vulnerability was identified in the Linux kernel’s vfio/type1 subsystem, where a reference count leak on the zero page occurred due to improper handling in put_pfn(). The page was pinned via pin_user_pages_remote() but not properly unpinned, leading to a resource exhaustion risk. An attacker could exploit this by repeatedly mapping zero pages, potentially causing a reference count overflow, leading to undefined behavior or system instability.
CVE-2022-48700
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
GHSA-x2pf-v9q2-vj6j
In the Linux kernel, the following vulnerability has been resolved: vfio/type1: Unpin zero pages There's currently a reference count leak on the zero page. We increment the reference via pin_user_pages_remote(), but the page is later handled as an invalid/reserved page, therefore it's not accounted against the user and not unpinned by our put_pfn(). Introducing special zero page handling in put_pfn() would resolve the leak, but without accounting of the zero page, a single user could still create enough mappings to generate a reference count overflow. The zero page is always resident, so for our purposes there's no reason to keep it pinned. Therefore, add a loop to walk pages returned from pin_user_pages_remote() and unpin any zero pages.
BDU:2024-09764
Уязвимость компонентов vfio/type1 ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальной информации
ROS-20241113-01
Множественные уязвимости kernel-lt
SUSE-SU-2024:1644-1
Security update for the Linux Kernel
SUSE-SU-2024:1659-1
Security update for the Linux Kernel
SUSE-SU-2024:1663-1
Security update for the Linux Kernel
SUSE-SU-2024:2189-1
Security update for the Linux Kernel
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-48700 In the Linux kernel, the following vulnerability has been resolved: vfio/type1: Unpin zero pages There's currently a reference count leak on the zero page. We increment the reference via pin_user_pages_remote(), but the page is later handled as an invalid/reserved page, therefore it's not accounted against the user and not unpinned by our put_pfn(). Introducing special zero page handling in put_pfn() would resolve the leak, but without accounting of the zero page, a single user could still create enough mappings to generate a reference count overflow. The zero page is always resident, so for our purposes there's no reason to keep it pinned. Therefore, add a loop to walk pages returned from pin_user_pages_remote() and unpin any zero pages. | около 1 года назад | ||
 | CVE-2022-48700 [REJECTED CVE] A vulnerability was identified in the Linux kernel’s vfio/type1 subsystem, where a reference count leak on the zero page occurred due to improper handling in put_pfn(). The page was pinned via pin_user_pages_remote() but not properly unpinned, leading to a resource exhaustion risk. An attacker could exploit this by repeatedly mapping zero pages, potentially causing a reference count overflow, leading to undefined behavior or system instability. | CVSS3: 5.5 | около 1 года назад | |
 | CVE-2022-48700 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | около 1 года назад | ||
| GHSA-x2pf-v9q2-vj6j In the Linux kernel, the following vulnerability has been resolved: vfio/type1: Unpin zero pages There's currently a reference count leak on the zero page. We increment the reference via pin_user_pages_remote(), but the page is later handled as an invalid/reserved page, therefore it's not accounted against the user and not unpinned by our put_pfn(). Introducing special zero page handling in put_pfn() would resolve the leak, but without accounting of the zero page, a single user could still create enough mappings to generate a reference count overflow. The zero page is always resident, so for our purposes there's no reason to keep it pinned. Therefore, add a loop to walk pages returned from pin_user_pages_remote() and unpin any zero pages. | около 1 года назад | ||
 | BDU:2024-09764 Уязвимость компонентов vfio/type1 ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальной информации | CVSS3: 3.3 | почти 3 года назад | |
 | ROS-20241113-01 Множественные уязвимости kernel-lt | CVSS3: 8.8 | 7 месяцев назад | |
 | SUSE-SU-2024:1644-1 Security update for the Linux Kernel | около 1 года назад | ||
| SUSE-SU-2024:1659-1 Security update for the Linux Kernel | около 1 года назад | ||
| SUSE-SU-2024:1663-1 Security update for the Linux Kernel | около 1 года назад | ||
| SUSE-SU-2024:2189-1 Security update for the Linux Kernel | 12 месяцев назад |
Уязвимостей на страницу