Memory Leak Vulnerability in Linux Kernel Affecting CCP Driver

CVE-2022-50226

What is CVE-2022-50226?

In the Linux kernel's CCP driver, a vulnerability exists in certain SEV ioctl interfaces that could lead to the exposure of uninitialized memory. When input data is passed to these interfaces, the system may allocate memory based on the input size rather than the actual data size returned by the PSP firmware. If the PSP firmware does not overwrite the allocated buffer completely, this can result in sensitive information being revealed from uninitialized slab memory. While all current ioctl interfaces in the CCP driver are deemed safe, it is vital to transition memory allocation from kmalloc to kzalloc. This adjustment ensures that the data buffer is cleared, helping to mitigate risks associated with potential future vulnerabilities.

References