CVE-2022-48690

ice: Fix DMA mappings leak

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

ice: Fix DMA mappings leak

Fix leak, when user changes ring parameters.
During reallocation of RX buffers, new DMA mappings are created for
those buffers. New buffers with different RX ring count should
substitute older ones, but those buffers were freed in ice_vsi_cfg_rxq
and reallocated again with ice_alloc_rx_buf. kfree on rx_buf caused
leak of already mapped DMA.
Reallocate ZC with xdp_buf struct, when BPF program loads. Reallocate
back to rx_buf, when BPF program unloads.
If BPF program is loaded/unloaded and XSK pools are created, reallocate
RX queues accordingly in XDP_SETUP_XSK_POOL handler.

Steps for reproduction:
while :
do
for ((i=0; i<=8160; i=i+32))
do
ethtool -G enp130s0f0 rx $i tx $i
sleep 0.5
ethtool -g enp130s0f0
done
done

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: Reparar fuga de asignaciones DMA. Reparar fuga cuando el usuario cambia los parámetros del anillo. Durante la reasignación de búferes RX, se crean nuevas asignaciones DMA para esos búferes. Los nuevos búferes con diferente número de anillos RX deberían sustituir a los más antiguos, pero esos búferes se liberaron en ice_vsi_cfg_rxq y se reasignaron nuevamente con ice_alloc_rx_buf. kfree en rx_buf provocó una fuga de DMA ya mapeado. Reasigne ZC con la estructura xdp_buf, cuando se cargue el programa BPF. Reasigne nuevamente a rx_buf, cuando se descargue el programa BPF. Si se carga/descarga el programa BPF y se crean grupos XSK, reasigne las colas RX en consecuencia en el controlador XDP_SETUP_XSK_POOL. Pasos para la reproducción: while: do for ((i=0; i<=8160; i=i+32)) do ethtool -G enp130s0f0 rx $i tx $i sleep 0.5 ethtool -g enp130s0f0 done done

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-03 CVE Reserved
2024-05-03 CVE Published
2024-05-04 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (3)

URL	Tag	Source
https://git.kernel.org/stable/c/617f3e1b588c802517c236087561c6bcb0b4afd6	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/07f40e9f0ff342eb3e97d5c544783b7cb641689c	2022-09-15
https://git.kernel.org/stable/c/7e753eb675f0523207b184558638ee2eed6c9ac2	2022-09-02

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.16 < 5.19.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 5.19.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.16 < 6.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 6.0"		en		Affected