PT-2025-8147 · Linux+3 · Linux Kernel+3
Published: 2022-01-01 · Updated: 2025-05-25
CVE-2022-49219
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A memory leak issue has been identified in the Linux kernel, specifically in the vfio/pci component. The leak occurs during the transition from D3hot to D0 power state when the vfio_pci_core_device::needs_pm_restore flag is set. This happens because the pci_load_and_free_saved_state() function, which is responsible for freeing the allocated memory, is not called in certain situations, such as when the guest resumes after a reset-related IOCTL. An attacker could exploit this by repeatedly triggering the state change to D3hot followed by a VFIO_DEVICE_RESET or VFIO_DEVICE_PCI_HOT_RESET, potentially leading to an out-of-memory (OOM) situation.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Memory Leak
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linux Kernel
Suse