CVE-2022-48924 in Linux
Summary
by MITRE • 08/22/2024
In the Linux kernel, the following vulnerability has been resolved:
thermal: int340x: fix memory leak in int3400_notify()
It is easy to hit the below memory leaks in my TigerLake platform:
unreferenced object 0xffff927c8b91dbc0 (size 32): comm "kworker/0:2", pid 112, jiffies 4294893323 (age 83.604s) hex dump (first 32 bytes): 4e 41 4d 45 3d 49 4e 54 33 34 30 30 20 54 68 65 NAME=INT3400 The 72 6d 61 6c 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 rmal.kkkkkkkkkk. backtrace: [] __kmalloc_track_caller+0x2fe/0x4a0
[] kvasprintf+0x65/0xd0
[] kasprintf+0x4e/0x70
[] int3400_notify+0x82/0x120 [int3400_thermal]
[] acpi_ev_notify_dispatch+0x54/0x71
[] acpi_os_execute_deferred+0x17/0x30
[] process_one_work+0x21a/0x3f0
[] worker_thread+0x4a/0x3b0
[] kthread+0xfd/0x130
[] ret_from_fork+0x1f/0x30
Fix it by calling kfree() accordingly.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 11/09/2024
The vulnerability CVE-2022-48924 represents a memory leak in the Linux kernel's thermal subsystem, specifically within the int3400_thermal driver module. This issue affects systems utilizing Intel TigerLake platforms and demonstrates a classic memory management flaw where allocated kernel memory is not properly released, leading to gradual resource exhaustion over time. The vulnerability occurs during the execution of the int3400_notify() function, which handles thermal notifications from ACPI (Advanced Configuration and Power Interface) events, making it particularly concerning for system stability and resource management in embedded and mobile computing environments.
The technical flaw manifests as a memory leak where the kernel allocates memory using functions like kvasprintf and kasprintf to construct thermal event messages but fails to release this memory through proper kfree() calls. The memory dump reveals a 32-byte allocation containing thermal-related data with the identifier "NAME=INT3400 Thermal" and subsequent padding bytes, indicating the kernel was constructing a notification message for thermal events. The backtrace shows the allocation path originating from the int3400_notify function within the int3400_thermal module, which is invoked through the ACPI event notification dispatcher, indicating this is a legitimate system operation that should not result in resource leaks.
This vulnerability operates at the kernel level and presents significant operational impact for systems relying on thermal management. The memory leak occurs in a worker thread context, specifically kworker/0:2, suggesting that thermal notifications are processed asynchronously and the leak accumulates over time as thermal events occur. The age of 83.604 seconds for the unreferenced object indicates this is not a one-time occurrence but a recurring problem that will continue to worsen system memory consumption. This type of memory leak can lead to system instability, reduced performance, and eventually system crashes or hangs, particularly on systems with limited memory resources such as mobile devices and embedded platforms.
The fix for CVE-2022-48924 involves implementing proper memory management practices by ensuring that all allocated memory is released through appropriate kfree() calls before the function returns or when the allocated resources are no longer needed. This addresses the root cause by following standard kernel programming practices and adheres to CWE-401 principles for memory management. The vulnerability aligns with ATT&CK technique T1490 (Inhibit System Recovery) as memory leaks can contribute to system instability and resource exhaustion, potentially making systems more vulnerable to denial of service conditions. The fix demonstrates proper kernel memory management that prevents resource exhaustion and maintains system stability during normal thermal event processing operations. This type of vulnerability highlights the critical importance of proper resource management in kernel space where memory leaks can have cascading effects on system performance and reliability.