{ "threat_severity" : "Low", "public_date" : "2025-10-04T00:00:00Z", "bugzilla" : { "description" : "kernel: iommu/vt-d: Clean up si_domain in the init_dmars() error path", "id" : "2401576", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2401576" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\niommu/vt-d: Clean up si_domain in the init_dmars() error path\nA splat from kmem_cache_destroy() was seen with a kernel prior to\ncommit ee2653bbe89d (\"iommu/vt-d: Remove domain and devinfo mempool\")\nwhen there was a failure in init_dmars(), because the iommu_domain\ncache still had objects. While the mempool code is now gone, there\nstill is a leak of the si_domain memory if init_dmars() fails. So\nclean up si_domain in the init_dmars() error path.", "A memory leak flaw was found in the Linux kernel's Intel VT-d IOMMU driver in the initialization error path. A local user can trigger this issue when the init_dmars function fails during IOMMU setup, causing the si_domain memory to remain allocated without being freed. This results in a permanent memory leak leading to resource exhaustion and denial of service." ], "statement" : "The init_dmars function performs IOMMU initialization and allocates the si_domain (shared identity domain) for devices that can bypass IOMMU translation. When initialization fails partway through, the error path returns without cleaning up the si_domain allocation. Since this is a boot-time initialization function, the leak occurs once per failed initialization attempt. While the leak was originally detected through kmem_cache errors, even after mempool removal the underlying memory leak persists. The issue requires conditions that cause IOMMU initialization to fail, which can occur due to hardware issues, misconfigurations, or resource constraints during boot.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-02-21T00:00:00Z", "advisory" : "RHSA-2023:0832", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-425.13.1.el8_7" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-05-16T00:00:00Z", "advisory" : "RHSA-2023:2951", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-477.10.1.el8_8" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50482\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50482\nhttps://lore.kernel.org/linux-cve-announce/2025100440-CVE-2022-50482-0291@gregkh/T" ], "name" : "CVE-2022-50482", "csaw" : false }