CVE-2022-50738
Memory Leak in Linux Kernel vhost-vdpa Component Fixed

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

vhost-vdpa: fix an iotlb memory leak

Before commit 3d5698793897 ("vhost-vdpa: introduce asid based IOTLB") we called vhost_vdpa_iotlb_unmap(v, iotlb, 0ULL, 0ULL - 1) during release to free all the resources allocated when processing user IOTLB messages through vhost_vdpa_process_iotlb_update(). That commit changed the handling of IOTLB a bit, and we accidentally removed some code called during the release.

We partially fixed this with commit 037d4305569a ("vhost-vdpa: call vhost_vdpa_cleanup during the release") but a potential memory leak is still there as shown by kmemleak if the application does not send VHOST_IOTLB_INVALIDATE or crashes:

    unreferenced object 0xffff888007fbaa30 (size 16):
      comm "blkio-bench", pid 914, jiffies 4294993521 (age 885.500s)
      hex dump (first 16 bytes):
        40 73 41 07 80 88 ff ff 00 00 00 00 00 00 00 00  @sA.............
      backtrace:
        [<0000000087736d2a>] kmem_cache_alloc_trace+0x142/0x1c0
        [<0000000060740f50>] vhost_vdpa_process_iotlb_msg+0x68c/0x901 [vhost_vdpa]
        [<0000000083e8e205>] vhost_chr_write_iter+0xc0/0x4a0 [vhost]
        [<000000008f2f414a>] vhost_vdpa_chr_write_iter+0x18/0x20 [vhost_vdpa]
        [<00000000de1cd4a0>] vfs_write+0x216/0x4b0
        [<00000000a2850200>] ksys_write+0x71/0xf0
        [<00000000de8e720b>] __x64_sys_write+0x19/0x20
        [<0000000018b12cbb>] do_syscall_64+0x3f/0x90
        [<00000000986ec465>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

Let's fix this by calling vhost_vdpa_iotlb_unmap() on the whole range in vhost_vdpa_remove_as(). We move that call before vhost_dev_cleanup() since we need a valid v->vdev.mm in vhost_vdpa_pa_unmap(). vhost_iotlb_reset() call can be removed, since vhost_vdpa_iotlb_unmap() on the whole range removes all the entries.

The kmemleak log reported was observed with a vDPA device that has `use_va` set to true (e.g. VDUSE). This patch has been tested with both types of devices.

Meta Information
Published: 2025-12-24
Last Modified: 2025-12-24
Generated: 2026-05-07
AI Q&A: 2025-12-24
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
linux | kernel | *

CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a memory leak in the Linux kernel's vhost-vdpa component. Specifically, it occurs because some memory allocated for IOTLB (Input-Output Translation Lookaside Buffer) entries is not properly freed during release if the application does not send a VHOST_IOTLB_INVALIDATE message or crashes. This leak happens due to changes in how IOTLB handling was implemented, where a necessary cleanup call was accidentally removed. The issue causes unreferenced memory objects to remain allocated, which can be detected by kmemleak.


How can this vulnerability impact me?

The impact of this vulnerability is a potential memory leak in the Linux kernel when using vhost-vdpa devices. Over time, this leak can cause increased memory usage, which may degrade system performance or stability, especially if the application crashes or does not send the required invalidate messages. This could lead to resource exhaustion or unexpected behavior in systems relying on vhost-vdpa for device virtualization.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for memory leaks related to vhost-vdpa using kmemleak or similar kernel memory leak detection tools. Specifically, look for unreferenced objects in kernel memory associated with vhost_vdpa_process_iotlb_msg as indicated by kmemleak logs. Commands such as 'echo scan > /sys/kernel/debug/kmemleak' followed by 'cat /sys/kernel/debug/kmemleak' can be used to scan and view memory leaks in the kernel.
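
One way to triage the kmemleak output described above, as an added example that is not part of the advisory or the kernel patch: it counts the leak records whose backtrace passes through vhost_vdpa_process_iotlb_msg and sums their sizes. The function names summarize_leaks and sample_report are hypothetical, the second sample record is constructed, and the record layout is assumed to match the log quoted in the description.

```shell
# Sample input: first record abridged from the log quoted in the advisory,
# second record constructed to show a leak that does not match.
sample_report() {
cat <<'EOF'
unreferenced object 0xffff888007fbaa30 (size 16):
  comm "blkio-bench", pid 914, jiffies 4294993521 (age 885.500s)
  hex dump (first 16 bytes):
    40 73 41 07 80 88 ff ff 00 00 00 00 00 00 00 00  @sA.............
  backtrace:
    [<0000000087736d2a>] kmem_cache_alloc_trace+0x142/0x1c0
    [<0000000060740f50>] vhost_vdpa_process_iotlb_msg+0x68c/0x901 [vhost_vdpa]
    [<0000000083e8e205>] vhost_chr_write_iter+0xc0/0x4a0 [vhost]
unreferenced object 0xffff888000000040 (size 64):
  comm "example", pid 1, jiffies 4294990000 (age 900.000s)
  backtrace:
    [<0000000000000001>] kmem_cache_alloc_trace+0x142/0x1c0
    [<0000000000000002>] example_alloc+0x10/0x20 [example]
EOF
}

# summarize_leaks SYMBOL: read a kmemleak report on stdin and print
# "<records> <bytes>" for records whose backtrace contains exactly SYMBOL.
summarize_leaks() {
    awk -v sym="$1" '
        function finish() {
            if (hit) { n++; total += size }
            hit = 0; size = 0
        }
        /^unreferenced object/ {
            finish()
            # Header ends in "(size N):", keep only N.
            size = $0; sub(/.*\(size /, "", size); sub(/\).*/, "", size); size += 0
            next
        }
        # Frame layout assumed: [<addr>] symbol+0xoff/0xlen [module]
        /^[ \t]*\[<[0-9a-f]+>\]/ {
            name = $2; sub(/\+.*/, "", name)
            if (name == sym) hit = 1
        }
        END { finish(); printf "%d %d\n", n, total }
    '
}

# On a kernel built with kmemleak and with debugfs mounted (run as root):
#   echo scan > /sys/kernel/debug/kmemleak
#   summarize_leaks vhost_vdpa_process_iotlb_msg < /sys/kernel/debug/kmemleak
sample_report | summarize_leaks vhost_vdpa_process_iotlb_msg
```

A record count that keeps growing across repeated scans while vhost-vdpa clients exit without sending VHOST_IOTLB_INVALIDATE is the pattern the description reports.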


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves applying the patch that fixes the memory leak by ensuring vhost_vdpa_iotlb_unmap() is called on the whole range in vhost_vdpa_remove_as(), as described in the fix. Until the patch is applied, monitor for crashes or memory leaks related to vhost-vdpa and consider restarting affected services or systems to clear leaked memory. Additionally, ensure that applications using vhost-vdpa send VHOST_IOTLB_INVALIDATE messages properly to avoid leaks.

