CVE-2022-48867

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a use-after-free vulnerability in the Linux kernel's dmaengine subsystem, specifically in the idxd driver. When the driver is unloaded, any pending descriptors are flushed, which can trigger a "not present" page fault if the descriptors have already been freed. This is caused by the flow of functions: idxd dmaengine drv remove() -> drv disable wq() -> idxd wq free irq() -> idxd flush pending descs(). The address that triggers the fault is the address of the descriptor that was freed moments earlier via drv disable wq()->idxd wq free resources(). The fix involves freeing the descriptors after any possible usage, done after idxd wq reset() to ensure the memory remains accessible during possible completion writes by the device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.