Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2022-48653

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/04/2024
Last modified:
19/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ice: Don&amp;#39;t double unplug aux on peer initiated reset<br /> <br /> In the IDC callback that is accessed when the aux drivers request a reset,<br /> the function to unplug the aux devices is called. This function is also<br /> called in the ice_prepare_for_reset function. This double call is causing<br /> a "scheduling while atomic" BUG.<br /> <br /> [ 662.676430] ice 0000:4c:00.0 rocep76s0: cqp opcode = 0x1 maj_err_code = 0xffff min_err_code = 0x8003<br /> <br /> [ 662.676609] ice 0000:4c:00.0 rocep76s0: [Modify QP Cmd Error][op_code=8] status=-29 waiting=1 completion_err=1 maj=0xffff min=0x8003<br /> <br /> [ 662.815006] ice 0000:4c:00.0 rocep76s0: ICE OICR event notification: oicr = 0x10000003<br /> <br /> [ 662.815014] ice 0000:4c:00.0 rocep76s0: critical PE Error, GLPE_CRITERR=0x00011424<br /> <br /> [ 662.815017] ice 0000:4c:00.0 rocep76s0: Requesting a reset<br /> <br /> [ 662.815475] BUG: scheduling while atomic: swapper/37/0/0x00010002<br /> <br /> [ 662.815475] BUG: scheduling while atomic: swapper/37/0/0x00010002<br /> [ 662.815477] Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs rfkill 8021q garp mrp stp llc vfat fat rpcrdma intel_rapl_msr intel_rapl_common sunrpc i10nm_edac rdma_ucm nfit ib_srpt libnvdimm ib_isert iscsi_target_mod x86_pkg_temp_thermal intel_powerclamp coretemp target_core_mod snd_hda_intel ib_iser snd_intel_dspcfg libiscsi snd_intel_sdw_acpi scsi_transport_iscsi kvm_intel iTCO_wdt rdma_cm snd_hda_codec kvm iw_cm ipmi_ssif iTCO_vendor_support snd_hda_core irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hwdep snd_seq snd_seq_device rapl snd_pcm snd_timer isst_if_mbox_pci pcspkr isst_if_mmio irdma intel_uncore idxd acpi_ipmi joydev isst_if_common snd mei_me idxd_bus ipmi_si soundcore i2c_i801 mei ipmi_devintf i2c_smbus i2c_ismt ipmi_msghandler acpi_power_meter acpi_pad rv(OE) ib_uverbs ib_cm ib_core xfs libcrc32c ast i2c_algo_bit drm_vram_helper drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm_ttm_helpe<br /> r ttm<br /> [ 662.815546] nvme nvme_core ice drm crc32c_intel i40e t10_pi wmi pinctrl_emmitsburg dm_mirror dm_region_hash dm_log dm_mod fuse<br /> [ 662.815557] Preemption disabled at:<br /> [ 662.815558] [] 0x0<br /> [ 662.815563] CPU: 37 PID: 0 Comm: swapper/37 Kdump: loaded Tainted: G S OE 5.17.1 #2<br /> [ 662.815566] Hardware name: Intel Corporation D50DNP/D50DNP, BIOS SE5C6301.86B.6624.D18.2111021741 11/02/2021<br /> [ 662.815568] Call Trace:<br /> [ 662.815572] <br /> [ 662.815574] dump_stack_lvl+0x33/0x42<br /> [ 662.815581] __schedule_bug.cold.147+0x7d/0x8a<br /> [ 662.815588] __schedule+0x798/0x990<br /> [ 662.815595] schedule+0x44/0xc0<br /> [ 662.815597] schedule_preempt_disabled+0x14/0x20<br /> [ 662.815600] __mutex_lock.isra.11+0x46c/0x490<br /> [ 662.815603] ? __ibdev_printk+0x76/0xc0 [ib_core]<br /> [ 662.815633] device_del+0x37/0x3d0<br /> [ 662.815639] ice_unplug_aux_dev+0x1a/0x40 [ice]<br /> [ 662.815674] ice_schedule_reset+0x3c/0xd0 [ice]<br /> [ 662.815693] irdma_iidc_event_handler.cold.7+0xb6/0xd3 [irdma]<br /> [ 662.815712] ? bitmap_find_next_zero_area_off+0x45/0xa0<br /> [ 662.815719] ice_send_event_to_aux+0x54/0x70 [ice]<br /> [ 662.815741] ice_misc_intr+0x21d/0x2d0 [ice]<br /> [ 662.815756] __handle_irq_event_percpu+0x4c/0x180<br /> [ 662.815762] handle_irq_event_percpu+0xf/0x40<br /> [ 662.815764] handle_irq_event+0x34/0x60<br /> [ 662.815766] handle_edge_irq+0x9a/0x1c0<br /> [ 662.815770] __common_interrupt+0x62/0x100<br /> [ 662.815774] common_interrupt+0xb4/0xd0<br /> [ 662.815779] <br /> [ 662.815780] <br /> [ 662.815780] asm_common_interrupt+0x1e/0x40<br /> [ 662.815785] RIP: 0010:cpuidle_enter_state+0xd6/0x380<br /> [ 662.815789] Code: 49 89 c4 0f 1f 44 00 00 31 ff e8 65 d7 95 ff 45 84 ff 74 12 9c 58 f6 c4 02 0f 85 64 02 00 00 31 ff e8 ae c5 9c ff fb 45 85 f6 88 12 01 00 00 49 63 d6 4c 2b 24 24 48 8d 04 52 48 8d 04 82 49<br /> [ 662.815791] RSP: 0018:ff2c2c4f18edbe80 EFLAGS: 00000202<br /> [ 662.815793] RAX: ff280805df140000 RBX: 0000000000000002 RCX: 000000000000001f<br /> [ 662.815795] RDX: 0000009a52da2d08 R<br /> ---truncated---

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.14 (including) 5.15.71 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 5.19.12 (excluding)
cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc6:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools