{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49556", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T02:08:31.590Z", "datePublished": "2025-02-26T02:14:03.630Z", "dateUpdated": "2025-05-04T08:40:28.652Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:40:28.652Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak\n\nFor some sev ioctl interfaces, the length parameter that is passed maybe\nless than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data\nthat PSP firmware returns. In this case, kmalloc will allocate memory\nthat is the size of the input rather than the size of the data.\nSince PSP firmware doesn't fully overwrite the allocated buffer, these\nsev ioctl interface may return uninitialized kernel slab memory."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/x86/kvm/svm/sev.c"], "versions": [{"version": "eaf78265a4ab33935d3a0f1407ce4a91aac4d4d5", "lessThan": "401bef1f95de92c3a8c6eece46e02fa88d7285ee", "status": "affected", "versionType": "git"}, {"version": "eaf78265a4ab33935d3a0f1407ce4a91aac4d4d5", "lessThan": "d8fdb4b24097472ff6b3c0559448200d420b1418", "status": "affected", "versionType": "git"}, {"version": "eaf78265a4ab33935d3a0f1407ce4a91aac4d4d5", "lessThan": "bbdcc644b59e01e98c68894a9fab42b9687f42b0", "status": "affected", "versionType": "git"}, {"version": "eaf78265a4ab33935d3a0f1407ce4a91aac4d4d5", "lessThan": "57a01725339f9d82b099102ba2751621b1caab93", "status": "affected", "versionType": "git"}, {"version": "eaf78265a4ab33935d3a0f1407ce4a91aac4d4d5", "lessThan": "d22d2474e3953996f03528b84b7f52cc26a39403", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/x86/kvm/svm/sev.c"], "versions": [{"version": "5.7", "status": "affected"}, {"version": "0", "lessThan": "5.7", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.124", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.45", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.13", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.2", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "5.10.124"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "5.15.45"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "5.17.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "5.18.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "5.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/401bef1f95de92c3a8c6eece46e02fa88d7285ee"}, {"url": "https://git.kernel.org/stable/c/d8fdb4b24097472ff6b3c0559448200d420b1418"}, {"url": "https://git.kernel.org/stable/c/bbdcc644b59e01e98c68894a9fab42b9687f42b0"}, {"url": "https://git.kernel.org/stable/c/57a01725339f9d82b099102ba2751621b1caab93"}, {"url": "https://git.kernel.org/stable/c/d22d2474e3953996f03528b84b7f52cc26a39403"}], "title": "KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak\n\nFor some sev ioctl interfaces, the length parameter that is passed maybe\nless than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data\nthat PSP firmware returns. In this case, kmalloc will allocate memory\nthat is the size of the input rather than the size of the data.\nSince PSP firmware doesn't fully overwrite the allocated buffer, these\nsev ioctl interface may return uninitialized kernel slab memory."}], "id": "CVE-2022-49556", "lastModified": "2025-02-26T07:01:31.407", "metrics": {}, "published": "2025-02-26T07:01:31.407", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/401bef1f95de92c3a8c6eece46e02fa88d7285ee"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/57a01725339f9d82b099102ba2751621b1caab93"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bbdcc644b59e01e98c68894a9fab42b9687f42b0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d22d2474e3953996f03528b84b7f52cc26a39403"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d8fdb4b24097472ff6b3c0559448200d420b1418"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak", "id": "2348031", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348031"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nKVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak\nFor some sev ioctl interfaces, the length parameter that is passed maybe\nless than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data\nthat PSP firmware returns. In this case, kmalloc will allocate memory\nthat is the size of the input rather than the size of the data.\nSince PSP firmware doesn't fully overwrite the allocated buffer, these\nsev ioctl interface may return uninitialized kernel slab memory."], "name": "CVE-2022-49556", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49556\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49556\nhttps://lore.kernel.org/linux-cve-announce/2025022617-CVE-2022-49556-9870@gregkh/T"], "threat_severity": "Moderate"}