CVE-2022-48890
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-48890
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48890.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-48890
- Downstream
- Related
- Published
- 2024-08-21T06:10:22Z
- Modified
- 2025-10-08T06:44:03.868099Z
- Summary
- scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM
storvscqueuecommand() maps the scatter/gather list using scsidmamap(), which in a confidential VM allocates swiotlb bounce buffers. If the I/O submission fails in storvscdo_io(), the I/O is typically retried by higher level code, but the bounce buffer memory is never freed. The mostly like cause of I/O submission failure is a full VMBus channel ring buffer, which is not uncommon under high I/O loads. Eventually enough bounce buffer memory leaks that the confidential VM can't do any I/O. The same problem can arise in a non-confidential VM with kernel boot parameter swiotlb=force.
Fix this by doing scsidmaunmap() in the case of an I/O submission error, which frees the bounce buffer memory.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced743b237c3a7b0f5b44aa704aae8a1058877b6322Fixed87c71e88f6a6619ffb1ff88f84dff48ef6d57adb
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced743b237c3a7b0f5b44aa704aae8a1058877b6322Fixed67ff3d0a49f3d445c3922e30a54e03c161da561e
Affected versions
v5.*
v6.*
Database specific
{
"vanir_signatures": [
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 2638.0,
"function_hash": "184821857264601518052598031642888141010"
},
"id": "CVE-2022-48890-0fd4c810",
"target": {
"file": "drivers/scsi/storvsc_drv.c",
"function": "storvsc_queuecommand"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87c71e88f6a6619ffb1ff88f84dff48ef6d57adb"
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"132460952986978051917696031989102031797",
"169566271865076041396762107045842728390",
"290785843913529746840370975794278068739"
],
"threshold": 0.9
},
"id": "CVE-2022-48890-a086a3e8",
"target": {
"file": "drivers/scsi/storvsc_drv.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87c71e88f6a6619ffb1ff88f84dff48ef6d57adb"
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 2638.0,
"function_hash": "184821857264601518052598031642888141010"
},
"id": "CVE-2022-48890-d81077d7",
"target": {
"file": "drivers/scsi/storvsc_drv.c",
"function": "storvsc_queuecommand"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@67ff3d0a49f3d445c3922e30a54e03c161da561e"
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"132460952986978051917696031989102031797",
"169566271865076041396762107045842728390",
"290785843913529746840370975794278068739"
],
"threshold": 0.9
},
"id": "CVE-2022-48890-db921117",
"target": {
"file": "drivers/scsi/storvsc_drv.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@67ff3d0a49f3d445c3922e30a54e03c161da561e"
}
]
}