CVE-2022-48893: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's drm/i915/gt driver has been identified and tracked as CVE-2022-48893. The issue involves incomplete cleanup during engine discovery failures in the Intel graphics driver. This vulnerability was discovered and disclosed in August 2024, affecting Linux kernel versions up to (excluding) 6.1.7 (NVD).

The vulnerability occurs when driver initialization is aborted during gt/engine discovery, resulting in some engines being fully setup while others remain incomplete. The key technical issue is that incompletely setup engines have 'engine->release == NULL', which leads to memory leaks of common allocated objects. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The primary impact of this vulnerability is a potential memory leak in the system when the Intel graphics driver initialization fails. This can lead to resource exhaustion and system instability over time (NVD).

The vulnerability has been patched by adding proper cleanup procedures for partial engine discovery failures. The fix includes calling intelenginecleanupcommon(engine) when setup fails and adding verification that the backend is responsible for cleanup through a GEMBUG_ON check (Kernel Patch).