CVE-2022-49455 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
misc: ocxl: fix possible double free in ocxl_file_register_afu
info_release() will be called in device_unregister() when info->dev's reference count is 0. So there is no need to call ocxl_afu_put() and kfree() again.
Fix this by adding free_minor() and a return to the err_unregister error path.
Analysis
by VulDB Data Team • 02/26/2025
The vulnerability identified as CVE-2022-49455 affects the Linux kernel's OpenCAPI PCIe Accelerator (ocxl) subsystem, specifically within the ocxl_file_register_afu function. This issue represents a critical double free vulnerability that arises from improper resource management during device registration and cleanup operations. The flaw occurs in the context of OpenCAPI accelerator support where the kernel attempts to manage device resources through reference counting mechanisms, but fails to properly account for resource deallocation sequences.
The technical root cause stems from a race condition in the error handling path of the ocxl subsystem: info_release() is invoked from device_unregister() once the device reference count reaches zero, and it already drops the AFU reference and frees the info structure. The existing error path nevertheless continues into the ocxl_afu_put() and kfree() calls after device_unregister() has returned, so the memory allocated for the device information structure is freed twice, which can corrupt kernel memory and destabilize the system.
This vulnerability operates at the kernel level and represents a classic memory safety issue that aligns with CWE-415, which describes double free conditions in software systems. The flaw specifically impacts the Linux kernel's device management subsystem and can be categorized under the ATT&CK technique T1059.006 for execution through kernel-level code manipulation. When exploited, this vulnerability could allow an attacker with local access to potentially corrupt kernel memory structures, leading to privilege escalation or system crashes.
The operational impact of CVE-2022-49455 extends beyond simple memory corruption as it affects systems utilizing OpenCAPI accelerators, particularly those deployed in high-performance computing environments and data center infrastructures. Systems running affected kernel versions could experience unexpected system panics or crashes when the ocxl subsystem handles device registration errors, potentially disrupting critical workloads. The vulnerability is particularly concerning in enterprise environments where OpenCAPI accelerators are used for specialized computing tasks such as cryptographic processing, data compression, or high-throughput data analysis.
Mitigation strategies for this vulnerability involve applying the kernel patch that adds a free_minor() call and an early return to the err_unregister error path so that cleanup is not performed twice. With the fix, a failure after device registration unwinds through device_unregister() alone, whose info_release() callback performs the ocxl_afu_put() and kfree(), instead of also running that cleanup by hand. Organizations should prioritize kernel updates to address this vulnerability, particularly in environments where OpenCAPI accelerators are actively deployed. Additionally, system administrators should monitor for potential memory corruption symptoms and maintain robust backup and recovery procedures to handle any unexpected system instability that may result from this flaw. The vulnerability demonstrates the importance of careful resource management in kernel space and highlights the need for thorough testing of error handling paths in device drivers.
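The following userspace C program is an added illustration of the cleanup sequence described in the analysis and of the shape of the fix; it is not the kernel's ocxl code. It uses toy stand-ins for the kernel objects (the struct names, dev_refs, minors_in_use, tracked_alloc/tracked_free, setup_info and cdev_add_always_fails are all assumptions of this model), and an instrumented allocator counts a second free instead of handing it to the heap, so the buggy path can be run and observed rather than crashing. The constructed failure point is the step after device registration, which routes both versions into the err_unregister label: the buggy version falls through into the manual cleanup, the fixed version frees the minor, unregisters and returns.

```c
#include <stdlib.h>

/* Instrumented allocator: a block freed twice is counted instead of being
 * handed back to the heap, so the bug is observable without corrupting it. */
#define MAX_BLOCKS 16
static void *live_blocks[MAX_BLOCKS];
static int live_count, double_free_count;
static int minors_in_use;   /* stands in for the driver's minor-number pool */

static void *tracked_alloc(size_t n)
{
    void *p = calloc(1, n);
    for (int i = 0; p && i < MAX_BLOCKS; i++)
        if (!live_blocks[i]) { live_count++; return live_blocks[i] = p; }
    free(p);
    return NULL;
}

static void tracked_free(void *p)
{
    for (int i = 0; i < MAX_BLOCKS; i++)
        if (live_blocks[i] == p) { live_blocks[i] = NULL; live_count--; free(p); return; }
    double_free_count++;    /* p is not a live block: this is a double free */
}

static void reset_tracker(void) { double_free_count = 0; minors_in_use = 0; }

/* Toy stand-ins (not the kernel's structs) for the objects the page names:
 * dev_refs models info->dev's reference count, release its release callback. */
struct afu { int refs; };
struct afu_info { struct afu *afu; int dev_refs; void (*release)(struct afu_info *); };

static void ocxl_afu_put(struct afu *afu) { afu->refs--; }

/* info_release(): runs once the device count hits zero and already drops the
 * afu reference and frees info, which is why repeating both is a bug. */
static void info_release(struct afu_info *info)
{
    ocxl_afu_put(info->afu);
    tracked_free(info);
}

static void device_unregister(struct afu_info *info) { if (--info->dev_refs == 0) info->release(info); }

/* free_minor() returns the minor to the pool. It takes info only for shape
 * and never dereferences it, since on the buggy path info is already gone. */
static void free_minor(struct afu_info *info) { (void)info; minors_in_use--; }

static struct afu_info *setup_info(struct afu *afu)
{
    struct afu_info *info = tracked_alloc(sizeof *info);
    if (!info) return NULL;
    minors_in_use++;                        /* allocate_minor() */
    info->afu = afu;
    afu->refs++;                            /* ocxl_afu_get() */
    info->dev_refs = 1;                     /* device_register() succeeded */
    info->release = info_release;
    return info;
}

/* Constructed failure: the step after device registration (cdev_add in the
 * driver) always fails here, steering execution into err_unregister. */
static int cdev_add_always_fails(void) { return -1; }

/* Buggy shape: err_unregister falls through into the manual cleanup, so afu
 * is put a second time and info is freed again after info_release() ran. */
static int register_afu_vulnerable(struct afu *afu)
{
    struct afu_info *info = setup_info(afu);
    int rc;
    if (!info) return -1;
    rc = cdev_add_always_fails();
    if (rc) goto err_unregister;
    return 0;
err_unregister:
    device_unregister(info);                /* info_release() frees info */
    /* falls through into what the driver labels err_put */
    ocxl_afu_put(afu);                      /* second put: drops the caller's ref */
    free_minor(info);
    tracked_free(info);                     /* double free */
    return rc;
}

/* Fixed shape: free the minor first, unregister, and return at once, so
 * info_release() is the only code that puts afu and frees info. */
static int register_afu_fixed(struct afu *afu)
{
    struct afu_info *info = setup_info(afu);
    int rc;
    if (!info) return -1;
    rc = cdev_add_always_fails();
    if (rc) goto err_unregister;
    return 0;
err_unregister:
    free_minor(info);
    device_unregister(info);
    return rc;
}
```

Running register_afu_vulnerable on an afu whose caller holds one reference ends with double_free_count at 1 and the caller's reference gone (refs 0); register_afu_fixed leaves double_free_count at 0, refs at 1, the minor returned and no live block leaked. In a real kernel build the second kfree() on this path is the kind of event KASAN reports as a double-free, which is the practical way to confirm a backport of the fix on a test system.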