CVE-2022-49219

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

vfio/pci: fix memory leak during D3hot to D0 transition

If 'vfio_pci_core_device::needs_pm_restore' is set (PCI device does not have No_Soft_Reset bit set in its PMCSR config register), then the current PCI state will be saved locally in 'vfio_pci_core_device::pm_save' during D0->D3hot transition and same will be restored back during D3hot->D0 transition. For saving the PCI state locally, pci_store_saved_state() is being used and the pci_load_and_free_saved_state() will free the allocated memory.

But for reset related IOCTLs, vfio driver calls PCI reset-related APIs which will internally change the PCI power state back to D0. So, when the guest resumes, then it will get the current state as D0 and it will skip the call to vfio_pci_set_power_state() for changing the power state to D0 explicitly. In this case, the memory pointed by 'pm_save' will never be freed. In a malicious sequence, the state changing to D3hot followed by VFIO_DEVICE_RESET/VFIO_DEVICE_PCI_HOT_RESET can be run in a loop and it can cause an OOM situation.

This patch frees the earlier allocated memory first before overwriting 'pm_save' to prevent the mentioned memory leak.
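The leak sequence above can be reproduced outside the kernel as a small user-space model. The code below is an added example, not vfio-pci or PCI core code: struct names, field names and the functions store_saved_state(), load_and_free_saved_state(), set_power_state() and device_reset() are assumptions that only mirror the roles of pci_store_saved_state(), pci_load_and_free_saved_state(), vfio_pci_set_power_state() and the reset ioctls. The 'fixed' flag is a device for running the unpatched and patched behaviour side by side; live_allocs is bookkeeping so the leak can be counted without a leak checker.

```c
/*
 * Added example: user-space model of the pm_save lifecycle from CVE-2022-49219.
 * Not vfio-pci code; every name below is an assumption that stands in for the
 * real driver/PCI-core function with the same role.
 */
#include <stdlib.h>

enum pci_power { PCI_D0 = 0, PCI_D3HOT = 3 };

/* Stand-in for struct pci_saved_state (hypothetical layout). */
struct saved_state {
    unsigned char cfg[256];
};

/* Stand-in for the vfio_pci_core_device fields that matter here. */
struct vdev {
    enum pci_power cur_state;     /* power state the device currently reports */
    int needs_pm_restore;         /* set when No_Soft_Reset is clear in PMCSR */
    struct saved_state *pm_save;  /* locally saved config state, or NULL */
    int live_allocs;              /* bookkeeping only: blocks allocated, not freed */
};

/* Models pci_store_saved_state(): always hands back a fresh allocation. */
static struct saved_state *store_saved_state(struct vdev *v)
{
    struct saved_state *s = calloc(1, sizeof *s);
    if (s)
        v->live_allocs++;
    return s;
}

/* Models pci_load_and_free_saved_state(): restores, frees, clears the pointer. */
static void load_and_free_saved_state(struct vdev *v, struct saved_state **sp)
{
    if (*sp) {
        free(*sp);
        *sp = NULL;
        v->live_allocs--;
    }
}

/*
 * Models vfio_pci_set_power_state(). With fixed == 0 the D0->D3hot path
 * blindly overwrites pm_save (the bug); with fixed == 1 it first releases
 * whatever pm_save already holds (the patch).
 */
static void set_power_state(struct vdev *v, enum pci_power target, int fixed)
{
    if (v->cur_state == target)
        return;                          /* already there: no save, no restore */

    if (v->needs_pm_restore) {
        if (target == PCI_D3HOT) {       /* D0 -> D3hot: save state locally */
            if (fixed)
                load_and_free_saved_state(v, &v->pm_save);
            v->pm_save = store_saved_state(v);
        } else if (target == PCI_D0) {   /* D3hot -> D0: restore and free */
            load_and_free_saved_state(v, &v->pm_save);
        }
    }
    v->cur_state = target;
}

/*
 * Models VFIO_DEVICE_RESET / VFIO_DEVICE_PCI_HOT_RESET: the PCI reset path
 * brings the device back to D0 on its own and knows nothing about pm_save.
 */
static void device_reset(struct vdev *v)
{
    v->cur_state = PCI_D0;
}

/*
 * Runs the advisory's loop (D3hot, reset, resume) 'iterations' times and
 * returns how many saved-state blocks ended up leaked: allocated, but no
 * longer reachable once the driver's own pointer has been released.
 */
int leaked_after_loop(int iterations, int fixed)
{
    struct vdev v = { .cur_state = PCI_D0, .needs_pm_restore = 1,
                      .pm_save = NULL, .live_allocs = 0 };

    for (int i = 0; i < iterations; i++) {
        set_power_state(&v, PCI_D3HOT, fixed); /* guest puts device in D3hot */
        device_reset(&v);                      /* reset ioctl: device is now D0 */
        set_power_state(&v, PCI_D0, fixed);    /* resume sees D0, so this is a no-op */
    }

    /* Release the one block the driver still points at; anything else is lost. */
    load_and_free_saved_state(&v, &v.pm_save);
    return v.live_allocs;
}
```

With the unpatched behaviour every pass through the loop allocates a new block and discards the pointer to the previous one, so the leaked count grows linearly with the number of iterations, which is the OOM path the advisory describes. With the patched behaviour the driver never holds more than one block and nothing is leaked.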

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.1 (including) | 5.15.33 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 5.16.19 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.17 (including) | 5.17.2 (excluding)