{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48764", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-20T11:09:39.060Z", "datePublished": "2024-06-20T11:13:41.170Z", "dateUpdated": "2024-12-19T08:07:16.858Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:07:16.858Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2}\n\nFree the \"struct kvm_cpuid_entry2\" array on successful post-KVM_RUN\nKVM_SET_CPUID{,2} to fix a memory leak, the callers of kvm_set_cpuid()\nfree the array only on failure.\n\n BUG: memory leak\n unreferenced object 0xffff88810963a800 (size 2048):\n  comm \"syz-executor025\", pid 3610, jiffies 4294944928 (age 8.080s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 0d 00 00 00  ................\n    47 65 6e 75 6e 74 65 6c 69 6e 65 49 00 00 00 00  GenuntelineI....\n  backtrace:\n    [<ffffffff814948ee>] kmalloc_node include/linux/slab.h:604 [inline]\n    [<ffffffff814948ee>] kvmalloc_node+0x3e/0x100 mm/util.c:580\n    [<ffffffff814950f2>] kvmalloc include/linux/slab.h:732 [inline]\n    [<ffffffff814950f2>] vmemdup_user+0x22/0x100 mm/util.c:199\n    [<ffffffff8109f5ff>] kvm_vcpu_ioctl_set_cpuid2+0x8f/0xf0 arch/x86/kvm/cpuid.c:423\n    [<ffffffff810711b9>] kvm_arch_vcpu_ioctl+0xb99/0x1e60 arch/x86/kvm/x86.c:5251\n    [<ffffffff8103e92d>] kvm_vcpu_ioctl+0x4ad/0x950 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4066\n    [<ffffffff815afacc>] vfs_ioctl fs/ioctl.c:51 [inline]\n    [<ffffffff815afacc>] __do_sys_ioctl fs/ioctl.c:874 [inline]\n    [<ffffffff815afacc>] __se_sys_ioctl fs/ioctl.c:860 [inline]\n    [<ffffffff815afacc>] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:860\n    [<ffffffff844a3335>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n    [<ffffffff844a3335>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/x86/kvm/cpuid.c"], "versions": [{"version": "24e7590c60aa9487b8e43583dc9885f62f8216c1", "lessThan": "b9ee734a14bb685b2088f2176d82b34cb4e30dbc", "status": "affected", "versionType": "git"}, {"version": "c6617c61e8fe44b9e9fdfede921f61cac6b5149d", "lessThan": "811f95ff95270e6048197821434d9301e3d7f07c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/x86/kvm/cpuid.c"], "versions": [{"version": "5.16.3", "lessThan": "5.16.5", "status": "affected", "versionType": "semver"}]}], "references": [{"url": "https://git.kernel.org/stable/c/b9ee734a14bb685b2088f2176d82b34cb4e30dbc"}, {"url": "https://git.kernel.org/stable/c/811f95ff95270e6048197821434d9301e3d7f07c"}], "title": "KVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2}", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-20T13:26:56.412300Z", "id": "CVE-2022-48764", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-30T15:59:15.398Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.597Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b9ee734a14bb685b2088f2176d82b34cb4e30dbc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/811f95ff95270e6048197821434d9301e3d7f07c", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b9ee734a14bb685b2088f2176d82b34cb4e30dbc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/811f95ff95270e6048197821434d9301e3d7f07c", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.597Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-48764", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-20T13:26:56.412300Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T13:27:04.368Z"}}], "cna": {"title": "KVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2}", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "24e7590c60aa9487b8e43583dc9885f62f8216c1", "lessThan": "b9ee734a14bb685b2088f2176d82b34cb4e30dbc", "versionType": "git"}, {"status": "affected", "version": "c6617c61e8fe44b9e9fdfede921f61cac6b5149d", "lessThan": "811f95ff95270e6048197821434d9301e3d7f07c", "versionType": "git"}], "programFiles": ["arch/x86/kvm/cpuid.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.16.3", "lessThan": "5.16.5", "versionType": "semver"}], "programFiles": ["arch/x86/kvm/cpuid.c"], "defaultStatus": "unaffected"}], "references": [{"url": "https://git.kernel.org/stable/c/b9ee734a14bb685b2088f2176d82b34cb4e30dbc"}, {"url": "https://git.kernel.org/stable/c/811f95ff95270e6048197821434d9301e3d7f07c"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2}\n\nFree the \"struct kvm_cpuid_entry2\" array on successful post-KVM_RUN\nKVM_SET_CPUID{,2} to fix a memory leak, the callers of kvm_set_cpuid()\nfree the array only on failure.\n\n BUG: memory leak\n unreferenced object 0xffff88810963a800 (size 2048):\n  comm \"syz-executor025\", pid 3610, jiffies 4294944928 (age 8.080s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 0d 00 00 00  ................\n    47 65 6e 75 6e 74 65 6c 69 6e 65 49 00 00 00 00  GenuntelineI....\n  backtrace:\n    [<ffffffff814948ee>] kmalloc_node include/linux/slab.h:604 [inline]\n    [<ffffffff814948ee>] kvmalloc_node+0x3e/0x100 mm/util.c:580\n    [<ffffffff814950f2>] kvmalloc include/linux/slab.h:732 [inline]\n    [<ffffffff814950f2>] vmemdup_user+0x22/0x100 mm/util.c:199\n    [<ffffffff8109f5ff>] kvm_vcpu_ioctl_set_cpuid2+0x8f/0xf0 arch/x86/kvm/cpuid.c:423\n    [<ffffffff810711b9>] kvm_arch_vcpu_ioctl+0xb99/0x1e60 arch/x86/kvm/x86.c:5251\n    [<ffffffff8103e92d>] kvm_vcpu_ioctl+0x4ad/0x950 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4066\n    [<ffffffff815afacc>] vfs_ioctl fs/ioctl.c:51 [inline]\n    [<ffffffff815afacc>] __do_sys_ioctl fs/ioctl.c:874 [inline]\n    [<ffffffff815afacc>] __se_sys_ioctl fs/ioctl.c:860 [inline]\n    [<ffffffff815afacc>] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:860\n    [<ffffffff844a3335>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n    [<ffffffff844a3335>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:07:16.858Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48764", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:07:16.858Z", "dateReserved": "2024-06-20T11:09:39.060Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-20T11:13:41.170Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "216FBB0D-54A9-4964-A98D-0413F8FF051F", "versionEndExcluding": "5.16.5", "versionStartIncluding": "5.16.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2}\n\nFree the \"struct kvm_cpuid_entry2\" array on successful post-KVM_RUN\nKVM_SET_CPUID{,2} to fix a memory leak, the callers of kvm_set_cpuid()\nfree the array only on failure.\n\n BUG: memory leak\n unreferenced object 0xffff88810963a800 (size 2048):\n  comm \"syz-executor025\", pid 3610, jiffies 4294944928 (age 8.080s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 0d 00 00 00  ................\n    47 65 6e 75 6e 74 65 6c 69 6e 65 49 00 00 00 00  GenuntelineI....\n  backtrace:\n    [<ffffffff814948ee>] kmalloc_node include/linux/slab.h:604 [inline]\n    [<ffffffff814948ee>] kvmalloc_node+0x3e/0x100 mm/util.c:580\n    [<ffffffff814950f2>] kvmalloc include/linux/slab.h:732 [inline]\n    [<ffffffff814950f2>] vmemdup_user+0x22/0x100 mm/util.c:199\n    [<ffffffff8109f5ff>] kvm_vcpu_ioctl_set_cpuid2+0x8f/0xf0 arch/x86/kvm/cpuid.c:423\n    [<ffffffff810711b9>] kvm_arch_vcpu_ioctl+0xb99/0x1e60 arch/x86/kvm/x86.c:5251\n    [<ffffffff8103e92d>] kvm_vcpu_ioctl+0x4ad/0x950 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4066\n    [<ffffffff815afacc>] vfs_ioctl fs/ioctl.c:51 [inline]\n    [<ffffffff815afacc>] __do_sys_ioctl fs/ioctl.c:874 [inline]\n    [<ffffffff815afacc>] __se_sys_ioctl fs/ioctl.c:860 [inline]\n    [<ffffffff815afacc>] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:860\n    [<ffffffff844a3335>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n    [<ffffffff844a3335>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: x86: Libere la matriz kvm_cpuid_entry2 en KVM_RUN KVM_SET_CPUID{,2} posterior a KVM_RUN KVM_SET_CPUID{,2} Libere la matriz \"struct kvm_cpuid_entry2\" en KVM_RUN KVM_SET_CPUID{,2} posterior a \u00e9xito para corregir una p\u00e9rdida de memoria , las personas que llaman a kvm_set_cpuid() liberan la matriz solo en caso de falla. ERROR: p\u00e9rdida de memoria, objeto sin referencia 0xffff88810963a800 (size 2048): comm \"syz-executor025\", pid 3610, jiffies 4294944928 (age 8.080s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 0d 00 00 00 ................ 47 65 6e 75 6e 74 65 6c 69 6e 65 49 00 00 00 00 GenuntelineI.... backtrace: [] kmalloc_node include/linux/slab.h:604 [inline] [] kvmalloc_node+0x3e/0x100 mm/util.c:580 [] kvmalloc include/linux/slab.h:732 [inline] [] vmemdup_user+0x22/0x100 mm/util.c:199 [] kvm_vcpu_ioctl_set_cpuid2+0x8f/0xf0 arch/x86/kvm/cpuid.c:423 [] kvm_arch_vcpu_ioctl+0xb99/0x1e60 arch/x86/kvm/x86.c:5251 [] kvm_vcpu_ioctl+0x4ad/0x950 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4066 [] vfs_ioctl fs/ioctl.c:51 [inline] [] __do_sys_ioctl fs/ioctl.c:874 [inline] [] __se_sys_ioctl fs/ioctl.c:860 [inline] [] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:860 [] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 [] entry_SYSCALL_64_after_hwframe+0x44/0xae "}], "id": "CVE-2022-48764", "lastModified": "2025-03-24T18:16:46.910", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-20T12:15:14.450", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/811f95ff95270e6048197821434d9301e3d7f07c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b9ee734a14bb685b2088f2176d82b34cb4e30dbc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/811f95ff95270e6048197821434d9301e3d7f07c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b9ee734a14bb685b2088f2176d82b34cb4e30dbc"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: KVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2}", "id": "2293345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293345"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nKVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2}\nFree the \"struct kvm_cpuid_entry2\" array on successful post-KVM_RUN\nKVM_SET_CPUID{,2} to fix a memory leak, the callers of kvm_set_cpuid()\nfree the array only on failure.\nBUG: memory leak\nunreferenced object 0xffff88810963a800 (size 2048):\ncomm \"syz-executor025\", pid 3610, jiffies 4294944928 (age 8.080s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 0d 00 00 00  ................\n47 65 6e 75 6e 74 65 6c 69 6e 65 49 00 00 00 00  GenuntelineI....\nbacktrace:\n[<ffffffff814948ee>] kmalloc_node include/linux/slab.h:604 [inline]\n[<ffffffff814948ee>] kvmalloc_node+0x3e/0x100 mm/util.c:580\n[<ffffffff814950f2>] kvmalloc include/linux/slab.h:732 [inline]\n[<ffffffff814950f2>] vmemdup_user+0x22/0x100 mm/util.c:199\n[<ffffffff8109f5ff>] kvm_vcpu_ioctl_set_cpuid2+0x8f/0xf0 arch/x86/kvm/cpuid.c:423\n[<ffffffff810711b9>] kvm_arch_vcpu_ioctl+0xb99/0x1e60 arch/x86/kvm/x86.c:5251\n[<ffffffff8103e92d>] kvm_vcpu_ioctl+0x4ad/0x950 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4066\n[<ffffffff815afacc>] vfs_ioctl fs/ioctl.c:51 [inline]\n[<ffffffff815afacc>] __do_sys_ioctl fs/ioctl.c:874 [inline]\n[<ffffffff815afacc>] __se_sys_ioctl fs/ioctl.c:860 [inline]\n[<ffffffff815afacc>] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:860\n[<ffffffff844a3335>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n[<ffffffff844a3335>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n[<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae"], "name": "CVE-2022-48764", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48764\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48764\nhttps://lore.kernel.org/linux-cve-announce/2024062009-CVE-2022-48764-6de1@gregkh/T"], "threat_severity": "Low"}