CVE-2022-49219— vfio/pci: fix memory leak during D3hot to D0 transition

EPSS 0.06% · P18 Updated May 13, 2026

Affected Version Matrix 12

Vendor	Product	Version Range	Status
Linux	Linux	`51ef3a004b1eb6241e56b3aa8495769a092a4dc2< da426ad86027b849b877d4628b277ffbbd2f5325`	affected
		`51ef3a004b1eb6241e56b3aa8495769a092a4dc2< 4319f17fb8264ba39352b611dfa913a4d8c1d1a0`	affected
		`51ef3a004b1eb6241e56b3aa8495769a092a4dc2< 26ddd196e9eb264da8e1bdc4df8a94d62581c8b5`	affected
		`51ef3a004b1eb6241e56b3aa8495769a092a4dc2< c8a1f8bd586ee31020614b8d48b702ece3e2ae44`	affected
		`51ef3a004b1eb6241e56b3aa8495769a092a4dc2< eadf88ecf6ac7d6a9f47a76c6055d9a1987a8991`	affected
		`5.1`	affected
		`< 5.1`	unaffected
		`5.10.237≤ 5.10.*`	unaffected
… +4 more rows

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-49219

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

vfio/pci: fix memory leak during D3hot to D0 transition

Source: NVD (National Vulnerability Database)

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix memory leak during D3hot to D0 transition If 'vfio_pci_core_device::needs_pm_restore' is set (PCI device does not have No_Soft_Reset bit set in its PMCSR config register), then the current PCI state will be saved locally in 'vfio_pci_core_device::pm_save' during D0->D3hot transition and same will be restored back during D3hot->D0 transition. For saving the PCI state locally, pci_store_saved_state() is being used and the pci_load_and_free_saved_state() will free the allocated memory. But for reset related IOCTLs, vfio driver calls PCI reset-related API's which will internally change the PCI power state back to D0. So, when the guest resumes, then it will get the current state as D0 and it will skip the call to vfio_pci_set_power_state() for changing the power state to D0 explicitly. In this case, the memory pointed by 'pm_save' will never be freed. In a malicious sequence, the state changing to D3hot followed by VFIO_DEVICE_RESET/VFIO_DEVICE_PCI_HOT_RESET can be run in a loop and it can cause an OOM situation. This patch frees the earlier allocated memory first before overwriting 'pm_save' to prevent the mentioned memory leak.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Linux kernel 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞，该漏洞源于vfio/pci在D3hot到D0转换期间未释放pm_save内存，导致内存泄漏。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Linux	Linux	51ef3a004b1eb6241e56b3aa8495769a092a4dc2 ~ da426ad86027b849b877d4628b277ffbbd2f5325	-
Linux	Linux	5.1	-

II. Public POCs for CVE-2022-49219

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-49219

请登录查看更多情报信息。

Patch · 5

Same Patch Batch · Linux · 2025-02-26 · 706 CVEs total

CVE-2022-49498		ALSA: pcm: Check for null pointer of pointer substream before dereferencing it
CVE-2022-49486		ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe
CVE-2022-49488		drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected
CVE-2022-49489		drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm run
CVE-2022-49490		drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected
CVE-2022-49491		drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
CVE-2022-49492		nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
CVE-2022-49493		ASoC: rt5645: Fix errorenous cleanup order
CVE-2022-49494		mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe()
CVE-2022-49495		drm/msm/hdmi: check return value after calling platform_get_resource_byname()
CVE-2022-49497		net: remove two BUG() from skb_checksum_help()
CVE-2022-49496		media: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko
CVE-2022-49502		media: rga: fix possible memory leak in rga_probe
CVE-2022-49507		regulator: da9121: Fix uninit-value in da9121_assign_chip_model()
CVE-2022-49508		HID: elan: Fix potential double free in elan_input_configured
CVE-2022-49506		drm/mediatek: Add vblank register/unregister callback functions
CVE-2022-49504		scsi: lpfc: Inhibit aborts if external loopback plug is inserted
CVE-2022-49505		NFC: NULL out the dev->rfkill to prevent UAF
CVE-2022-49501		usbnet: Run unregister_netdev() before unbind() again
CVE-2022-49500		wl1251: dynamically allocate memory used for DMA

Showing top 20 of 706 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Linux

Same vendor: Linux

V. Comments for CVE-2022-49219

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-49219— vfio/pci: fix memory leak during D3hot to D0 transition

Affected Version Matrix 12

I. Basic Information for CVE-2022-49219

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-49219

III. Intelligence Information for CVE-2022-49219

Same Patch Batch · Linux · 2025-02-26 · 706 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-49219

Leave a comment