CVE-2022-48894

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the iommu/arm-smmu-v3 component in the Linux kernel. It is caused by the driver calling iommu device unregister() from the shutdown path, which removes the IOMMU groups without coordination with their users. This can lead to NULL pointer dereferences in the drivers' DMA API calls. The problem is similar to the one in SMMUv2. Instead of calling the full arm smmu device remove() from arm smmu device shutdown(), the relevant function call arm smmu device disable() is used, which is more or less the reverse of arm smmu device reset(). The exploitation of this issue may allow an attacker to cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.