CVE-2022-49784: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49784 is a memory leak vulnerability discovered in the Linux kernel's performance monitoring subsystem, specifically in the AMD uncore performance monitoring code. When a CPU comes online, while the per-CPU NB and LLC uncore contexts are properly freed, the events array within the context structure remains allocated, resulting in a memory leak that was identified by the kernel memory leak detector (kmemleak) (Wiz Database, NVD).

The vulnerability occurs in the perf/x86/amd/uncore component of the Linux kernel. The issue arises when a CPU comes online, where the per-CPU NB and LLC uncore contexts are freed but not the events array within the context structure. This memory leak was detected by the kmemleak detector. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5, indicating moderate severity (Red Hat).

The primary impact of this vulnerability is a memory leak in the kernel, which could lead to degraded system performance over time as memory resources are not properly freed. The issue affects systems running the Linux kernel with AMD processors that utilize the uncore performance monitoring features (Wiz Database).

The issue has been resolved by modifying the code to properly free the events array before freeing the uncore context. The fix has been implemented in the Linux kernel, and affected distributions are releasing updated packages. Red Hat Enterprise Linux 9 has deferred the fix for both kernel and kernel-rt packages (Red Hat).