
CVE-2022-48731: Vulnerability in the Linux kernel

Severity: Medium
Published: Thu Jun 20 2024 (06/20/2024, 11:13:19 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

mm/kmemleak: avoid scanning potential huge holes

When using devm_request_free_mem_region() and devm_memremap_pages() to add ZONE_DEVICE memory, if the requested free mem region's end pfn is huge (e.g., 0x400000000), node_end_pfn() will also be huge (see move_pfn_range_to_zone()). Thus it creates a huge hole between node_start_pfn() and node_end_pfn().

We found that on some AMD APUs, amdkfd requested such a free mem region and created a huge hole. In such a case, the following code snippet was just doing a busy test_bit() loop on the huge hole:

    for (pfn = start_pfn; pfn < end_pfn; pfn++) {
        struct page *page = pfn_to_online_page(pfn);
        if (!page)
            continue;
        ...
    }

So we got a soft lockup:

    watchdog: BUG: soft lockup - CPU#6 stuck for 26s! [bash:1221]
    CPU: 6 PID: 1221 Comm: bash Not tainted 5.15.0-custom #1
    RIP: 0010:pfn_to_online_page+0x5/0xd0
    Call Trace:
     ? kmemleak_scan+0x16a/0x440
     kmemleak_write+0x306/0x3a0
     ? common_file_perm+0x72/0x170
     full_proxy_write+0x5c/0x90
     vfs_write+0xb9/0x260
     ksys_write+0x67/0xe0
     __x64_sys_write+0x1a/0x20
     do_syscall_64+0x3b/0xc0
     entry_SYSCALL_64_after_hwframe+0x44/0xae

I did some tests with the patch.

(1) amdgpu module unloaded

    before the patch:
    real 0m0.976s
    user 0m0.000s
    sys  0m0.968s

    after the patch:
    real 0m0.981s
    user 0m0.000s
    sys  0m0.973s

(2) amdgpu module loaded

    before the patch:
    real 0m35.365s
    user 0m0.000s
    sys  0m35.354s

    after the patch:
    real 0m1.049s
    user 0m0.000s
    sys  0m1.042s

AI-Powered Analysis

Last updated: 06/30/2025, 19:56:04 UTC

Technical Analysis

CVE-2022-48731 is a medium-severity vulnerability in the Linux kernel's memory management subsystem, specifically in the kernel memory leak detector (kmemleak) and its handling of ZONE_DEVICE memory regions. The issue arises when devm_request_free_mem_region() and devm_memremap_pages() are used to add ZONE_DEVICE memory whose end page frame number (PFN) is very large, such as 0x400000000. node_end_pfn() then returns an excessively large value, creating a huge gap, or "hole", between node_start_pfn() and node_end_pfn(). On some AMD APUs the amdkfd driver requests such a region, which triggers the condition.

When a kmemleak scan runs, its page loop walks the entire hole, calling pfn_to_online_page() on every PFN in the range, which the patch description characterises as a busy test_bit() loop. The result is a soft lockup in which a CPU is stuck for an extended period (26 seconds in the reported trace), severely degrading system responsiveness and potentially causing instability. The vulnerability does not compromise confidentiality or integrity; it affects availability by creating a denial-of-service (DoS) condition through CPU exhaustion.

The patch fixes the issue by not scanning these huge holes, which avoids the busy loop and the soft lockup. The measurements in the patch description show that, before the patch, a kmemleak scan on a system with the amdgpu module loaded took about 35 seconds because of the busy loop, and about 1 second afterwards; systems without the amdgpu module loaded were unaffected, taking about 1 second both before and after.

The vulnerability requires local privileges (PR:L) and low attack complexity (AC:L), with no user interaction (UI:N). It affects Linux kernel versions containing the vulnerable code and is most relevant to systems running AMD APUs with the amdkfd driver enabled.

Potential Impact

For European organizations, the primary impact of CVE-2022-48731 is a potential denial-of-service condition on Linux systems running AMD APUs with the affected kernel versions. This could disrupt critical services, especially in environments relying on Linux servers or workstations with AMD hardware for compute or graphical workloads. The soft lockup can cause system hangs or degraded performance, impacting availability of applications and services. Industries such as research institutions, media production, and enterprises using AMD-based Linux servers or desktops could face operational interruptions. While the vulnerability does not expose sensitive data or allow privilege escalation, the availability impact could lead to downtime, loss of productivity, and increased operational costs due to system restarts or troubleshooting. Given the reliance on Linux in many European public sector and private sector infrastructures, unpatched systems could experience service degradation. However, the requirement for local privileges limits remote exploitation, reducing the risk of widespread attacks but emphasizing the need for internal security controls to prevent unauthorized local access.

Mitigation Recommendations

1. Apply the official Linux kernel patch that addresses CVE-2022-48731 as soon as possible to prevent the busy loop and soft lockup condition.
2. For organizations unable to patch immediately, consider disabling or unloading the amdgpu and amdkfd kernel modules if AMD APUs are not critical to operations.
3. Implement strict access controls and monitoring to prevent unauthorized local access to Linux systems, as exploitation requires local privileges.
4. Monitor system logs and kernel messages for signs of soft lockups or CPU hangs related to kmemleak scanning.
5. Test kernel updates in a controlled environment before deployment to ensure compatibility with existing AMD hardware and drivers.
6. Maintain an inventory of Linux systems with AMD APUs to prioritize patching and mitigation efforts.
7. Use kernel lockdown features or mandatory access controls (e.g., SELinux, AppArmor) to restrict kernel module loading and memory management operations to trusted users and processes.
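A small log detector for item 4, added here as an example and not part of the original page or of the kernel project: it parses kernel log lines in the watchdog format shown in the description, groups each soft-lockup report with the stack frames that follow it, and flags reports whose trace passes through kmemleak functions. The sample log is constructed from the trace on this page; the line-format regexes and the kmemleak_ prefix check are assumptions based on that trace.

```python
import re
import sys
from dataclasses import dataclass, field

# Constructed sample dmesg output: the first report mirrors the CVE trace,
# the second is an unrelated lockup used to show the classifier rejecting it.
SAMPLE_DMESG = """\
[  812.103421] watchdog: BUG: soft lockup - CPU#6 stuck for 26s! [bash:1221]
[  812.103430] CPU: 6 PID: 1221 Comm: bash Not tainted 5.15.0-custom #1
[  812.103440] RIP: 0010:pfn_to_online_page+0x5/0xd0
[  812.103450] Call Trace:
[  812.103460]  ? kmemleak_scan+0x16a/0x440
[  812.103470]  kmemleak_write+0x306/0x3a0
[  812.103480]  vfs_write+0xb9/0x260
[  812.103490]  ksys_write+0x67/0xe0
[  900.000000] usb 1-1: new high-speed USB device number 3 using xhci_hcd
[  950.500000] watchdog: BUG: soft lockup - CPU#2 stuck for 22s! [kworker/2:1:77]
[  950.500010] Call Trace:
[  950.500020]  nvme_poll+0x1c/0x80
"""

# Header line of a watchdog report: CPU, stuck time, task comm and pid.
LOCKUP_RE = re.compile(r"soft lockup - CPU#(\d+) stuck for (\d+)s! \[(.+?):(\d+)\]")
# Any kernel symbol printed as name+0xoff/0xsize (RIP line or Call Trace entry).
FRAME_RE = re.compile(r"(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")


@dataclass
class SoftLockup:
    cpu: int
    seconds: int
    comm: str
    pid: int
    frames: list = field(default_factory=list)

    @property
    def kmemleak_related(self) -> bool:
        # Assumed heuristic: the scan path is kmemleak_scan()/kmemleak_write().
        return any(f.startswith("kmemleak_") for f in self.frames)


def parse_soft_lockups(log: str) -> list:
    """Return one SoftLockup per watchdog report, with the frames that follow it."""
    events, current = [], None
    for line in log.splitlines():
        if m := LOCKUP_RE.search(line):
            current = SoftLockup(int(m[1]), int(m[2]), m[3], int(m[4]))
            events.append(current)
        elif current is not None and (f := FRAME_RE.search(line)):
            current.frames.append(f[1])
    return events


def kmemleak_lockups(log: str) -> list:
    """Only the reports that match the CVE-2022-48731 pattern."""
    return [e for e in parse_soft_lockups(log) if e.kmemleak_related]


if __name__ == "__main__":  # read dmesg/journal output from stdin, or use the sample
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DMESG
    for e in kmemleak_lockups(text):
        print(f"kmemleak soft lockup: CPU#{e.cpu} stuck {e.seconds}s in {e.comm}[{e.pid}]")
```

Pipe `dmesg` or `journalctl -k` output into the script on a suspect host; a report whose trace passes through kmemleak_scan() while amdgpu is loaded is the symptom described in the patch.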


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-06-20T11:09:39.053Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d982ec4522896dcbe5fc6

Added to database: 5/21/2025, 9:09:02 AM

Last enriched: 6/30/2025, 7:56:04 PM

Last updated: 8/15/2025, 10:28:53 PM
