CVE-2022-48924: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48924 is a memory leak vulnerability discovered in the Linux kernel's thermal management subsystem, specifically in the int3400_notify() function of the int340x thermal driver. The vulnerability was identified and disclosed on August 21, 2024, affecting TigerLake platforms and other systems using the INT3400 thermal management interface (CVE Details).

The vulnerability manifests as a memory leak in the int3400notify() function where allocated memory for thermal properties is not properly freed. The issue was discovered when unreferenced objects of size 32 bytes were detected in the TigerLake platform, specifically in the kworker process. The memory leak occurs in the thermal notification handling path, as evidenced by the backtrace showing the call chain through _kmalloctrackcaller, kvasprintf, kasprintf, and int3400_notify functions (Kernel Patch).

The vulnerability results in memory leaks in the Linux kernel's thermal management subsystem, which over time could lead to resource exhaustion. This particularly affects systems using the INT3400 thermal interface, such as TigerLake platforms, where the leaked memory is not properly released back to the system (CVE Details).

The vulnerability has been patched by adding proper memory cleanup calls using kfree() for the allocated thermal properties. The fix involves adding four kfree() calls to properly deallocate the memory after the kobjectueventenv call in the int3400_notify() function (Kernel Patch).