CVE-2022-49536
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
01/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock<br />
<br />
During stress I/O tests with 500+ vports, hard LOCKUP call traces are<br />
observed.<br />
<br />
CPU A:<br />
native_queued_spin_lock_slowpath+0x192<br />
_raw_spin_lock_irqsave+0x32<br />
lpfc_handle_fcp_err+0x4c6<br />
lpfc_fcp_io_cmd_wqe_cmpl+0x964<br />
lpfc_sli4_fp_handle_cqe+0x266<br />
__lpfc_sli4_process_cq+0x105<br />
__lpfc_sli4_hba_process_cq+0x3c<br />
lpfc_cq_poll_hdler+0x16<br />
irq_poll_softirq+0x76<br />
__softirqentry_text_start+0xe4<br />
irq_exit+0xf7<br />
do_IRQ+0x7f<br />
<br />
CPU B:<br />
native_queued_spin_lock_slowpath+0x5b<br />
_raw_spin_lock+0x1c<br />
lpfc_abort_handler+0x13e<br />
scmd_eh_abort_handler+0x85<br />
process_one_work+0x1a7<br />
worker_thread+0x30<br />
kthread+0x112<br />
ret_from_fork+0x1f<br />
<br />
Diagram of lockup:<br />
<br />
CPUA CPUB<br />
---- ----<br />
lpfc_cmd->buf_lock<br />
phba->hbalock<br />
lpfc_cmd->buf_lock<br />
phba->hbalock<br />
<br />
Fix by reordering the taking of the lpfc_cmd->buf_lock and phba->hbalock in<br />
lpfc_abort_handler routine so that it tries to take the lpfc_cmd->buf_lock<br />
first before phba->hbalock.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.15.46 (excluding) | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 5.17.14 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.18 (including) | 5.18.3 (excluding) |
To consult the complete list of CPE names with products and versions, see this page