fkie_cve-2022-49556
Vulnerability from fkie_nvd
Published: 2025-02-26 07:01
Modified: 2025-02-26 07:01
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak

For some sev ioctl interfaces, the length parameter that is passed may be less than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data that PSP firmware returns. In this case, kmalloc will allocate memory that is the size of the input rather than the size of the data. Since PSP firmware doesn't fully overwrite the allocated buffer, these sev ioctl interfaces may return uninitialized kernel slab memory.

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak\n\nFor some sev ioctl interfaces, the length parameter that is passed maybe\nless than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data\nthat PSP firmware returns. In this case, kmalloc will allocate memory\nthat is the size of the input rather than the size of the data.\nSince PSP firmware doesn\u0027t fully overwrite the allocated buffer, these\nsev ioctl interface may return uninitialized kernel slab memory."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: SVM: Usar kzalloc para interfaces sev ioctl para evitar fugas de datos del kernel Para algunas interfaces sev ioctl, el par\u00e1metro de longitud que se pasa puede ser menor o igual a SEV_FW_BLOB_MAX_SIZE, pero mayor que los datos que devuelve el firmware de PSP. En este caso, kmalloc asignar\u00e1 memoria que sea del tama\u00f1o de la entrada en lugar del tama\u00f1o de los datos. Dado que el firmware de PSP no sobrescribe por completo el b\u00fafer asignado, estas interfaces sev ioctl pueden devolver memoria de losa de kernel no inicializada."
    }
  ],
  "id": "CVE-2022-49556",
  "lastModified": "2025-02-26T07:01:31.407",
  "metrics": {},
  "published": "2025-02-26T07:01:31.407",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/401bef1f95de92c3a8c6eece46e02fa88d7285ee"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/57a01725339f9d82b099102ba2751621b1caab93"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/bbdcc644b59e01e98c68894a9fab42b9687f42b0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d22d2474e3953996f03528b84b7f52cc26a39403"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d8fdb4b24097472ff6b3c0559448200d420b1418"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

