CVE-2022-49722

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ice: Fix memory corruption in VF driver<br /> <br /> Disable VF&amp;#39;s RX/TX queues, when it&amp;#39;s disabled. VF can have queues enabled,<br /> when it requests a reset. If PF driver assumes that VF is disabled,<br /> while VF still has queues configured, VF may unmap DMA resources.<br /> In such scenario device still can map packets to memory, which ends up<br /> silently corrupting it.<br /> Previously, VF driver could experience memory corruption, which lead to<br /> crash:<br /> [ 5119.170157] BUG: unable to handle kernel paging request at 00001b9780003237<br /> [ 5119.170166] PGD 0 P4D 0<br /> [ 5119.170173] Oops: 0002 [#1] PREEMPT_RT SMP PTI<br /> [ 5119.170181] CPU: 30 PID: 427592 Comm: kworker/u96:2 Kdump: loaded Tainted: G W I --------- - - 4.18.0-372.9.1.rt7.166.el8.x86_64 #1<br /> [ 5119.170189] Hardware name: Dell Inc. PowerEdge R740/014X06, BIOS 2.3.10 08/15/2019<br /> [ 5119.170193] Workqueue: iavf iavf_adminq_task [iavf]<br /> [ 5119.170219] RIP: 0010:__page_frag_cache_drain+0x5/0x30<br /> [ 5119.170238] Code: 0f 0f b6 77 51 85 f6 74 07 31 d2 e9 05 df ff ff e9 90 fe ff ff 48 8b 05 49 db 33 01 eb b4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 29 77 34 74 01 c3 48 8b 07 f6 c4 80 74 0f 0f b6 77 51 85 f6 74<br /> [ 5119.170244] RSP: 0018:ffffa43b0bdcfd78 EFLAGS: 00010282<br /> [ 5119.170250] RAX: ffffffff896b3e40 RBX: ffff8fb282524000 RCX: 0000000000000002<br /> [ 5119.170254] RDX: 0000000049000000 RSI: 0000000000000000 RDI: 00001b9780003203<br /> [ 5119.170259] RBP: ffff8fb248217b00 R08: 0000000000000022 R09: 0000000000000009<br /> [ 5119.170262] R10: 2b849d6300000000 R11: 0000000000000020 R12: 0000000000000000<br /> [ 5119.170265] R13: 0000000000001000 R14: 0000000000000009 R15: 0000000000000000<br /> [ 5119.170269] FS: 0000000000000000(0000) GS:ffff8fb1201c0000(0000) knlGS:0000000000000000<br /> [ 5119.170274] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [ 5119.170279] CR2: 00001b9780003237 CR3: 00000008f3e1a003 CR4: 00000000007726e0<br /> [ 5119.170283] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> [ 5119.170286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br /> [ 5119.170290] PKRU: 55555554<br /> [ 5119.170292] Call Trace:<br /> [ 5119.170298] iavf_clean_rx_ring+0xad/0x110 [iavf]<br /> [ 5119.170324] iavf_free_rx_resources+0xe/0x50 [iavf]<br /> [ 5119.170342] iavf_free_all_rx_resources.part.51+0x30/0x40 [iavf]<br /> [ 5119.170358] iavf_virtchnl_completion+0xd8a/0x15b0 [iavf]<br /> [ 5119.170377] ? iavf_clean_arq_element+0x210/0x280 [iavf]<br /> [ 5119.170397] iavf_adminq_task+0x126/0x2e0 [iavf]<br /> [ 5119.170416] process_one_work+0x18f/0x420<br /> [ 5119.170429] worker_thread+0x30/0x370<br /> [ 5119.170437] ? process_one_work+0x420/0x420<br /> [ 5119.170445] kthread+0x151/0x170<br /> [ 5119.170452] ? set_kthread_struct+0x40/0x40<br /> [ 5119.170460] ret_from_fork+0x35/0x40<br /> [ 5119.170477] Modules linked in: iavf sctp ip6_udp_tunnel udp_tunnel mlx4_en mlx4_core nfp tls vhost_net vhost vhost_iotlb tap tun xt_CHECKSUM ipt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables nfnetlink bridge stp llc rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache sunrpc intel_rapl_msr iTCO_wdt iTCO_vendor_support dell_smbios wmi_bmof dell_wmi_descriptor dcdbas kvm_intel kvm irqbypass intel_rapl_common isst_if_common skx_edac irdma nfit libnvdimm x86_pkg_temp_thermal i40e intel_powerclamp coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel ib_uverbs rapl ipmi_ssif intel_cstate intel_uncore mei_me pcspkr acpi_ipmi ib_core mei lpc_ich i2c_i801 ipmi_si ipmi_devintf wmi ipmi_msghandler acpi_power_meter xfs libcrc32c sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ice ahci drm libahci crc32c_intel libata tg3 megaraid_sas<br /> [ 5119.170613] i2c_algo_bit dm_mirror dm_region_hash dm_log dm_mod fuse [last unloaded: iavf]<br /> [ 5119.170627] CR2: 00001b9780003237