SB2025061913 - Memory leak in Linux kernel pci hisilicon driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2022-50117)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vfio_ioctl_device_feature_mig_device_state() and vfio_ioctl_device_feature_migration() functions in drivers/vfio/vfio.c, within the vfio_pci_core_register_device() function in drivers/vfio/pci/vfio_pci_core.c, within the mlx5vf_pci_close_device() and mlx5vf_pci_probe() functions in drivers/vfio/pci/mlx5/main.c, within the mlx5vf_cmd_remove_migratable() and mlx5vf_cmd_set_migratable() functions in drivers/vfio/pci/mlx5/cmd.c, within the hisi_acc_vfio_pci_open_device(), hisi_acc_vfio_pci_close_device() and hisi_acc_vfio_pci_probe() functions in drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/6e97eba8ad8748fabb795cffc5d9e1a7dcfd7367
• https://git.kernel.org/stable/c/bba6b12d73d36e0ddbc2c3ac5668a667b00d4345
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2