CVE-2022-50271

Summary

In the Linux kernel, the following vulnerability has been resolved:

vhost/vsock: Use kvmalloc/kvfree for larger packets.

When copying a large file over sftp over vsock, data size is usually 32kB, and kmalloc seems to fail to try to allocate 32 32kB regions.

vhost-5837: page allocation failure: order:4, mode:0x24040c0 Call Trace: [<ffffffffb6a0df64>] dump_stack+0x97/0xdb [<ffffffffb68d6aed>] warn_alloc_failed+0x10f/0x138 [<ffffffffb68d868a>] ? __alloc_pages_direct_compact+0x38/0xc8 [<ffffffffb664619f>] __alloc_pages_nodemask+0x84c/0x90d [<ffffffffb6646e56>] alloc_kmem_pages+0x17/0x19 [<ffffffffb6653a26>] kmalloc_order_trace+0x2b/0xdb [<ffffffffb66682f3>] __kmalloc+0x177/0x1f7 [<ffffffffb66e0d94>] ? copy_from_iter+0x8d/0x31d [<ffffffffc0689ab7>] vhost_vsock_handle_tx_kick+0x1fa/0x301 [vhost_vsock] [<ffffffffc06828d9>] vhost_worker+0xf7/0x157 [vhost] [<ffffffffb683ddce>] kthread+0xfd/0x105 [<ffffffffc06827e2>] ? vhost_dev_set_owner+0x22e/0x22e [vhost] [<ffffffffb683dcd1>] ? flush_kthread_worker+0xf3/0xf3 [<ffffffffb6eb332e>] ret_from_fork+0x4e/0x80 [<ffffffffb683dcd1>] ? flush_kthread_worker+0xf3/0xf3

Work around by doing kvmalloc instead.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux433fc58e6bf2c8bd97e57153ed28e64fd78207b8 < 0d720c3f0a03e97867deab7e480ba3d3e19837baaffected
LinuxLinux433fc58e6bf2c8bd97e57153ed28e64fd78207b8 < 7aac8c63f604e6a6a46560c0f0188cd0332cf320affected
LinuxLinux433fc58e6bf2c8bd97e57153ed28e64fd78207b8 < e6d0152c95108651f1880c1ddfab47cb9e3e62d0affected
LinuxLinux433fc58e6bf2c8bd97e57153ed28e64fd78207b8 < b4a5905fd2ef841cd61e969ea692c213c2e5c1f7affected
LinuxLinux433fc58e6bf2c8bd97e57153ed28e64fd78207b8 < e28a4e7f0296824c61a81e7fd54ab48bad3e75adaffected
LinuxLinux433fc58e6bf2c8bd97e57153ed28e64fd78207b8 < a99fc6d818161d6f1ff3307de8bf5237f6cc34d8affected
LinuxLinux433fc58e6bf2c8bd97e57153ed28e64fd78207b8 < 36c9f340c60413e28f980c0224c4e9d35851526baffected
LinuxLinux433fc58e6bf2c8bd97e57153ed28e64fd78207b8 < 0e3f72931fc47bb81686020cc643cde5d9cd0bb8affected
LinuxLinux4.8affected
LinuxLinux0 < 4.8unaffected
LinuxLinux4.14.296 <= 4.14.*unaffected
LinuxLinux4.19.262 <= 4.19.*unaffected
LinuxLinux5.4.220 <= 5.4.*unaffected
LinuxLinux5.10.150 <= 5.10.*unaffected
LinuxLinux5.15.75 <= 5.15.*unaffected
LinuxLinux5.19.17 <= 5.19.*unaffected
LinuxLinux6.0.3 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

References