CVE-2022-48690 in Linux
Summary
by MITRE • 05/03/2024
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix DMA mappings leak
Fix leak, when user changes ring parameters. During reallocation of RX buffers, new DMA mappings are created for those buffers. New buffers with different RX ring count should substitute older ones, but those buffers were freed in ice_vsi_cfg_rxq and reallocated again with ice_alloc_rx_buf. kfree on rx_buf caused leak of already mapped DMA. Reallocate ZC with xdp_buf struct, when BPF program loads. Reallocate back to rx_buf, when BPF program unloads. If BPF program is loaded/unloaded and XSK pools are created, reallocate RX queues accordingly in XDP_SETUP_XSK_POOL handler.
Steps for reproduction:

    while :
    do
        for ((i=0; i<=8160; i=i+32))
        do
            ethtool -G enp130s0f0 rx $i tx $i
            sleep 0.5
            ethtool -g enp130s0f0
        done
    done
Analysis
by VulDB Data Team • 09/29/2025
The vulnerability CVE-2022-48690 represents a critical memory management flaw in the Linux kernel's ice driver, specifically affecting Intel Ethernet network adapters. This issue manifests as a DMA mapping leak that occurs when users modify ring parameters during runtime operations. The flaw is categorized under CWE-401 as a weakness related to improper management of memory resources, directly impacting the kernel's ability to properly handle DMA mappings for network packet processing. The vulnerability is particularly significant because it affects the fundamental network I/O operations that underpin system connectivity and performance.
The technical implementation of this vulnerability stems from improper handling of RX buffer reallocation within the ice_vsi_cfg_rxq function. When ring parameters are modified, the driver attempts to reallocate RX buffers for the new configuration, but fails to properly manage the lifecycle of existing DMA mappings. Specifically, when older buffers are freed through kfree operations on rx_buf structures, the associated DMA mappings remain allocated in the system's memory management tables, creating a memory leak that accumulates over time. This occurs because the new buffers are allocated with different RX ring counts, requiring substitution of older buffers, but the cleanup process does not properly unmap the previous DMA regions before freeing the memory structures.
The operational impact of this vulnerability extends beyond simple memory consumption issues, as it can lead to system performance degradation and potential resource exhaustion. Network administrators who regularly adjust ring parameters using tools like ethtool will experience gradual memory leaks that can eventually impact system stability and network throughput. The reproduction steps demonstrate how frequent parameter changes can accelerate the leak accumulation, with the test script continuously modifying the RX and TX ring sizes with ethtool -G and reading the configuration back with ethtool -g. This vulnerability particularly affects systems running high-throughput network workloads where dynamic parameter adjustment is common, making it relevant to data center and enterprise network environments.
The mitigation strategy for this vulnerability involves implementing proper DMA mapping lifecycle management during buffer reallocation operations. The fix requires ensuring that when RX buffers are reallocated, existing DMA mappings are properly unmapped before the old buffer structures are freed. Additionally, the solution must handle the specific case of XDP (eXpress Data Path) program loading and unloading, where buffers need to be reallocated between xdp_buf and rx_buf structures. This requires careful coordination with the BPF (Berkeley Packet Filter) program lifecycle management and proper handling of XSK (XDP Socket) pool operations. The fix aligns with ATT&CK technique T1059.006 for execution through system commands and T1070.004 for indicator removal, as it addresses improper resource management that could be exploited to create persistent system issues. System administrators should apply the kernel patch immediately and monitor network performance metrics to ensure proper memory utilization following the update.
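The leak and its correction described in the analysis above, as an added userspace C model (not the ice driver's code and not taken from the patch): a counter stands in for the kernel's DMA mapping table, every struct and function name is hypothetical, and the ring sizes replay one pass of the reproduction loop.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only; every name here is hypothetical, not ice driver code. */
static long live_mappings;              /* stands in for the DMA mapping table */
struct rx_buf  { int mapped; };         /* one RX buffer and its mapping state */
struct rx_ring { struct rx_buf *buf; unsigned int count; };

static void map_buf(struct rx_buf *b)   { b->mapped = 1; live_mappings++; }
static void unmap_buf(struct rx_buf *b) { if (b->mapped) { b->mapped = 0; live_mappings--; } }

/* Allocate a ring of 'count' buffers and map each one. */
static int ring_fill(struct rx_ring *r, unsigned int count)
{
    r->buf = calloc(count ? count : 1, sizeof(*r->buf));
    if (!r->buf)
        return -1;
    r->count = count;
    for (unsigned int i = 0; i < count; i++)
        map_buf(&r->buf[i]);
    return 0;
}

/* Leaky pattern: the array is freed while its entries are still mapped. */
static int resize_leaky(struct rx_ring *r, unsigned int count)
{
    free(r->buf);
    return ring_fill(r, count);
}

/* Corrected pattern: unmap every entry, then free the array. */
static int resize_fixed(struct rx_ring *r, unsigned int count)
{
    for (unsigned int i = 0; i < r->count; i++)
        unmap_buf(&r->buf[i]);
    free(r->buf);
    return ring_fill(r, count);
}

/* Replay one sweep of ring sizes (0..8160, step 32); return orphaned mappings. */
static long sweep(int (*resize)(struct rx_ring *, unsigned int))
{
    struct rx_ring r = { 0 };
    live_mappings = 0;
    for (unsigned int n = 0; n <= 8160; n += 32)
        if (resize(&r, n))
            return -1;
    free(r.buf);
    return live_mappings - (long)r.count;   /* mappings no ring entry tracks */
}

int main(void) { printf("leaky=%ld fixed=%ld\n", sweep(resize_leaky), sweep(resize_fixed)); return 0; }
```

In this model a single sweep orphans 1,036,320 mappings with the leaky resize and none with the corrected one; the reproduction loop repeats that sweep indefinitely.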