CVE-2022-48890: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48890 affects the Linux kernel's SCSI StorVSC driver. The vulnerability was discovered in the storvscqueuecommand() function which maps scatter/gather lists using scsidma_map() in confidential VMs. The issue was disclosed in August 2024 and affects Linux kernel versions from 5.17 up to (excluding) 6.1.7, as well as versions 6.2-rc1, 6.2-rc2, and 6.2-rc3 (NVD).

The vulnerability occurs when I/O submission fails in storvscdoio(), typically due to a full VMBus channel ring buffer under high I/O loads. While the I/O is retried by higher level code, the bounce buffer memory allocated by scsidmamap() is never freed. This issue can also affect non-confidential VMs when using the kernel boot parameter swiotlb=force. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The primary impact is a memory leak that eventually leads to the exhaustion of bounce buffer memory. When enough memory leaks, the confidential VM becomes unable to perform any I/O operations, effectively causing a denial of service condition (Kernel Patch).

The vulnerability has been fixed by adding scsidmaunmap() call in the case of an I/O submission error, which properly frees the bounce buffer memory. The fix is included in the kernel patch 67ff3d0a49f3d445c3922e30a54e03c161da561e. Users should upgrade to patched kernel versions to mitigate this issue (Kernel Patch).