Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2022-49584

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
22/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero<br /> <br /> It is possible to disable VFs while the PF driver is processing requests<br /> from the VF driver. This can result in a panic.<br /> <br /> BUG: unable to handle kernel paging request at 000000000000106c<br /> PGD 0 P4D 0<br /> Oops: 0000 [#1] SMP NOPTI<br /> CPU: 8 PID: 0 Comm: swapper/8 Kdump: loaded Tainted: G I --------- -<br /> Hardware name: Dell Inc. PowerEdge R740/06WXJT, BIOS 2.8.2 08/27/2020<br /> RIP: 0010:ixgbe_msg_task+0x4c8/0x1690 [ixgbe]<br /> Code: 00 00 48 8d 04 40 48 c1 e0 05 89 7c 24 24 89 fd 48 89 44 24 10 83 ff<br /> 01 0f 84 b8 04 00 00 4c 8b 64 24 10 4d 03 a5 48 22 00 00 80 7c 24 4c<br /> 00 0f 84 8a 03 00 00 0f b7 c7 83 f8 08 0f 84 8f 0a<br /> RSP: 0018:ffffb337869f8df8 EFLAGS: 00010002<br /> RAX: 0000000000001020 RBX: 0000000000000000 RCX: 000000000000002b<br /> RDX: 0000000000000002 RSI: 0000000000000008 RDI: 0000000000000006<br /> RBP: 0000000000000006 R08: 0000000000000002 R09: 0000000000029780<br /> R10: 00006957d8f42832 R11: 0000000000000000 R12: 0000000000001020<br /> R13: ffff8a00e8978ac0 R14: 000000000000002b R15: ffff8a00e8979c80<br /> FS: 0000000000000000(0000) GS:ffff8a07dfd00000(0000) knlGS:00000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 000000000000106c CR3: 0000000063e10004 CR4: 00000000007726e0<br /> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br /> PKRU: 55555554<br /> Call Trace:<br /> <br /> ? ttwu_do_wakeup+0x19/0x140<br /> ? try_to_wake_up+0x1cd/0x550<br /> ? ixgbevf_update_xcast_mode+0x71/0xc0 [ixgbevf]<br /> ixgbe_msix_other+0x17e/0x310 [ixgbe]<br /> __handle_irq_event_percpu+0x40/0x180<br /> handle_irq_event_percpu+0x30/0x80<br /> handle_irq_event+0x36/0x53<br /> handle_edge_irq+0x82/0x190<br /> handle_irq+0x1c/0x30<br /> do_IRQ+0x49/0xd0<br /> common_interrupt+0xf/0xf<br /> <br /> This can be eventually be reproduced with the following script:<br /> <br /> while :<br /> do<br /> echo 63 &gt; /sys/class/net//device/sriov_numvfs<br /> sleep 1<br /> echo 0 &gt; /sys/class/net//device/sriov_numvfs<br /> sleep 1<br /> done<br /> <br /> Add lock when disabling SR-IOV to prevent process VF mailbox communication.

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 3.6 (including) 5.4.208 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.134 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.58 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 5.18.15 (excluding)
cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc7:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools