Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2022-48825

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/07/2024
Last modified:
07/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: qedf: Add stag_work to all the vports<br /> <br /> Call trace seen when creating NPIV ports, only 32 out of 64 show online.<br /> stag work was not initialized for vport, hence initialize the stag work.<br /> <br /> WARNING: CPU: 8 PID: 645 at kernel/workqueue.c:1635 __queue_delayed_work+0x68/0x80<br /> CPU: 8 PID: 645 Comm: kworker/8:1 Kdump: loaded Tainted: G IOE --------- --<br /> 4.18.0-348.el8.x86_64 #1<br /> Hardware name: Dell Inc. PowerEdge MX740c/0177V9, BIOS 2.12.2 07/09/2021<br /> Workqueue: events fc_lport_timeout [libfc]<br /> RIP: 0010:__queue_delayed_work+0x68/0x80<br /> Code: 89 b2 88 00 00 00 44 89 82 90 00 00 00 48 01 c8 48 89 42 50 41 81<br /> f8 00 20 00 00 75 1d e9 60 24 07 00 44 89 c7 e9 98 f6 ff ff 0b eb<br /> c5 0f 0b eb a1 0f 0b eb a7 0f 0b eb ac 44 89 c6 e9 40 23<br /> RSP: 0018:ffffae514bc3be40 EFLAGS: 00010006<br /> RAX: ffff8d25d6143750 RBX: 0000000000000202 RCX: 0000000000000002<br /> RDX: ffff8d2e31383748 RSI: ffff8d25c000d600 RDI: ffff8d2e31383788<br /> RBP: ffff8d2e31380de0 R08: 0000000000002000 R09: ffff8d2e31383750<br /> R10: ffffffffc0c957e0 R11: ffff8d2624800000 R12: ffff8d2e31380a58<br /> R13: ffff8d2d915eb000 R14: ffff8d25c499b5c0 R15: ffff8d2e31380e18<br /> FS: 0000000000000000(0000) GS:ffff8d2d1fb00000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 000055fd0484b8b8 CR3: 00000008ffc10006 CR4: 00000000007706e0<br /> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br /> PKRU: 55555554<br /> Call Trace:<br /> queue_delayed_work_on+0x36/0x40<br /> qedf_elsct_send+0x57/0x60 [qedf]<br /> fc_lport_enter_flogi+0x90/0xc0 [libfc]<br /> fc_lport_timeout+0xb7/0x140 [libfc]<br /> process_one_work+0x1a7/0x360<br /> ? create_worker+0x1a0/0x1a0<br /> worker_thread+0x30/0x390<br /> ? create_worker+0x1a0/0x1a0<br /> kthread+0x116/0x130<br /> ? kthread_flush_work_fn+0x10/0x10<br /> ret_from_fork+0x35/0x40<br /> ---[ end trace 008f00f722f2c2ff ]--<br /> <br /> Initialize stag work for all the vports.

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.11 (including) 5.10.101 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.24 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 5.16.10 (excluding)
cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools