In the Linux kernel, the following vulnerability has been resolved:

scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM

storvsc_queuecommand() maps the scatter/gather list using scsi_dma_map(),
which in a confidential VM allocates swiotlb bounce buffers. If the I/O
submission fails in storvsc_do_io(), the I/O is typically retried by higher
level code, but the bounce buffer memory is never freed. The most likely
cause of I/O submission failure is a full VMBus channel ring buffer, which
is not uncommon under high I/O loads. Eventually enough bounce buffer
memory leaks that the confidential VM can’t do any I/O. The same problem
can arise in a non-confidential VM with kernel boot parameter
swiotlb=force.

Fix this by doing scsi_dma_unmap() in the case of an I/O submission
error, which frees the bounce buffer memory.
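
The leak pattern described above, as an added userspace model; it is not the kernel's or the patch's code. The pool size, the failure rate and every `model_*` name are constructed stand-ins for swiotlb, the VMBus ring, scsi_dma_map(), scsi_dma_unmap() and storvsc_do_io().

```c
/* Userspace model (constructed), not kernel code. */
#include <stdbool.h>
#include <stdio.h>

#define POOL_SLOTS 8                 /* constructed pool size, not a kernel value */
struct pool { int in_use; };         /* stand-in for the swiotlb bounce pool */

/* Stand-in for scsi_dma_map(): take one bounce slot, fail when none are left. */
static bool model_map(struct pool *p)
{
    if (p->in_use == POOL_SLOTS)
        return false;
    p->in_use++;
    return true;
}

/* Stand-in for scsi_dma_unmap(): give the slot back. */
static void model_unmap(struct pool *p) { p->in_use--; }

/* Stand-in for storvsc_do_io(): every third submission finds the ring full. */
static bool model_submit(int attempt) { return attempt % 3 != 0; }

/* Issue `ios` requests, retrying failed submissions as higher-level code would.
   Returns how many completed before mapping became impossible. */
static int run_ios(int ios, bool unmap_on_error, struct pool *p)
{
    int attempt = 0, done = 0;
    p->in_use = 0;
    while (done < ios) {
        if (!model_map(p))
            return done;             /* pool exhausted: no further I/O */
        if (model_submit(++attempt)) {
            model_unmap(p);          /* completion path frees the slot */
            done++;
        } else if (unmap_on_error) {
            model_unmap(p);          /* the fix: free on submission error */
        }                            /* without the fix the slot is leaked */
    }
    return done;
}

int main(void)
{
    struct pool p;
    int n = run_ios(100, false, &p);
    printf("no unmap on error: %d/100 done, %d slots leaked\n", n, p.in_use);
    n = run_ios(100, true, &p);
    printf("unmap on error:    %d/100 done, %d slots leaked\n", n, p.in_use);
    return 0;
}
```
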
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1033.40 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.15 | < 5.15.0-1033.40~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-fde | < 5.15.0-1033.40.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-fde-5.15 | < 5.15.0-1033.40~20.04.1.1 | UNKNOWN |
git.kernel.org/linus/67ff3d0a49f3d445c3922e30a54e03c161da561e (6.2-rc4)
git.kernel.org/stable/c/67ff3d0a49f3d445c3922e30a54e03c161da561e
git.kernel.org/stable/c/87c71e88f6a6619ffb1ff88f84dff48ef6d57adb
launchpad.net/bugs/cve/CVE-2022-48890
nvd.nist.gov/vuln/detail/CVE-2022-48890
security-tracker.debian.org/tracker/CVE-2022-48890
www.cve.org/CVERecord?id=CVE-2022-48890