In the Linux kernel, the following vulnerability has been resolved:
perf/x86/amd/uncore: Fix memory leak for events array
When a CPU comes online, the per-CPU NB (northbridge) and LLC (last-level cache) uncore contexts are freed, but the events array inside each context structure is not. The arrays are therefore leaked, as reported by the kmemleak detector:
[...]
unreferenced object 0xffff8c5944b8e320 (size 32):
  comm "swapper/0", pid 1, jiffies 4294670387 (age 151.072s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
  backtrace:
    [<000000000759fb79>] amd_uncore_cpu_up_prepare+0xaf/0x230
    [<00000000ddc9e126>] cpuhp_invoke_callback+0x2cf/0x470
    [<0000000093e727d4>] cpuhp_issue_call+0x14d/0x170
    [<0000000045464d54>] __cpuhp_setup_state_cpuslocked+0x11e/0x330
    [<0000000069f67cbd>] __cpuhp_setup_state+0x6b/0x110
    [<0000000015365e0f>] amd_uncore_init+0x260/0x321
    [<00000000089152d2>] do_one_initcall+0x3f/0x1f0
    [<000000002d0bd18d>] kernel_init_freeable+0x1ca/0x212
    [<0000000030be8dde>] kernel_init+0x11/0x120
    [<0000000059709e59>] ret_from_fork+0x22/0x30
unreferenced object 0xffff8c5944b8dd40 (size 64):
  comm "swapper/0", pid 1, jiffies 4294670387 (age 151.072s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
  backtrace:
    [<00000000306efe8b>] amd_uncore_cpu_up_prepare+0x183/0x230
    [<00000000ddc9e126>] cpuhp_invoke_callback+0x2cf/0x470
    [<0000000093e727d4>] cpuhp_issue_call+0x14d/0x170
    [<0000000045464d54>] __cpuhp_setup_state_cpuslocked+0x11e/0x330
    [<0000000069f67cbd>] __cpuhp_setup_state+0x6b/0x110
    [<0000000015365e0f>] amd_uncore_init+0x260/0x321
    [<00000000089152d2>] do_one_initcall+0x3f/0x1f0
    [<000000002d0bd18d>] kernel_init_freeable+0x1ca/0x212
    [<0000000030be8dde>] kernel_init+0x11/0x120
    [<0000000059709e59>] ret_from_fork+0x22/0x30
[...]
Fix the problem by freeing the events array before freeing the uncore context.
{ "vanir_signatures": [ { "target": { "function": "uncore_clean_online", "file": "arch/x86/events/amd/uncore.c" }, "id": "CVE-2022-49784-12bd8daf", "digest": { "length": 185.0, "function_hash": "138331147804805638851038710843549549633" }, "deprecated": false, "signature_type": "Function", "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bdfe34597139cfcecd47a2eb97fea44d77157491" }, { "target": { "function": "uncore_clean_online", "file": "arch/x86/events/amd/uncore.c" }, "id": "CVE-2022-49784-2dc20bfd", "digest": { "length": 185.0, "function_hash": "138331147804805638851038710843549549633" }, "deprecated": false, "signature_type": "Function", "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f75be9885d49e3717de962345c4572ddab52b178" }, { "target": { "file": "arch/x86/events/amd/uncore.c" }, "id": "CVE-2022-49784-55b15090", "digest": { "threshold": 0.9, "line_hashes": [ "181180899582266149785191880045677211287", "276101935781763025137018848947803783055", "182797600511125342051260085263803581824", "172648177076713874682864192783968217584" ] }, "deprecated": false, "signature_type": "Line", "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f75be9885d49e3717de962345c4572ddab52b178" }, { "target": { "file": "arch/x86/events/amd/uncore.c" }, "id": "CVE-2022-49784-8dad3a90", "digest": { "threshold": 0.9, "line_hashes": [ "181180899582266149785191880045677211287", "276101935781763025137018848947803783055", "182797600511125342051260085263803581824", "172648177076713874682864192783968217584" ] }, "deprecated": false, "signature_type": "Line", "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bdfe34597139cfcecd47a2eb97fea44d77157491" } ] }