PT-2022-7626 · Linux+2 · Linux Kernel+2

Adrian Huang

Published

2022-02-28

Updated

2024-11-01

CVE-2022-48916

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17.0-rc3+

Description The vulnerability is related to the iommu/vt-d component in the Linux kernel. When enabling VMD and IOMMU scalable mode, a kernel panic call trace/kernel log is shown, indicating a double list add issue. The vulnerability can cause a fatal exception and kernel panic, leading to a denial-of-service (DoS) condition. The issue is specific to the Eagle Stream platform with Sapphire Rapids CPU.

Recommendations To resolve the issue, update the Linux kernel to a version later than 5.17.0-rc3+. As a temporary workaround, consider disabling the VMD and IOMMU scalable mode until a patch is available. Additionally, restrict access to the vulnerable module iommu/vt-d to minimize the risk of exploitation.

Exploit

Fix

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

BDU:2024-07470

CVE-2022-48916

OESA-2024-2321

OESA-2024-2322

OESA-2024-2324

OPENSUSE-SU-2024_3190-1

OPENSUSE-SU-2024_3209-1

OPENSUSE-SU-2024_3408-1

OPENSUSE-SU-2024_3483-1

SUSE-SU-2024:3190-1

SUSE-SU-2024:3209-1

SUSE-SU-2024:3227-1

SUSE-SU-2024:3408-1

SUSE-SU-2024:3483-1

Affected Products

Linux Kernel

Red Os

Suse

PT-2022-7626 · Linux+2 · Linux Kernel+2

CVE-2022-48916

Weakness Enumeration

Related Identifiers

Affected Products

References · 762