CVE-2022-48731

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15.0-custom #1

Description: The issue is related to the mm/kmemleak component of the Linux kernel, where a huge hole is created between node start pfn and node end pfn when using devm request free mem region and devm memremap pages to add ZONE DEVICE memory. This can cause a soft lockup due to busy test bit looping on the huge hole. The vulnerability was found on some AMD APUs where amdkfd requested a free mem region and created a huge hole.

Recommendations: To resolve the issue, update the Linux kernel to a version that includes the patch for the mm/kmemleak vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.