Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2022-49986

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/06/2025
Last modified:
14/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq<br /> <br /> storvsc_error_wq workqueue should not be marked as WQ_MEM_RECLAIM as it<br /> doesn&amp;#39;t need to make forward progress under memory pressure. Marking this<br /> workqueue as WQ_MEM_RECLAIM may cause deadlock while flushing a<br /> non-WQ_MEM_RECLAIM workqueue. In the current state it causes the following<br /> warning:<br /> <br /> [ 14.506347] ------------[ cut here ]------------<br /> [ 14.506354] workqueue: WQ_MEM_RECLAIM storvsc_error_wq_0:storvsc_remove_lun is flushing !WQ_MEM_RECLAIM events_freezable_power_:disk_events_workfn<br /> [ 14.506360] WARNING: CPU: 0 PID: 8 at kernel/workqueue.c:2623 check_flush_dependency+0xb5/0x130<br /> [ 14.506390] CPU: 0 PID: 8 Comm: kworker/u4:0 Not tainted 5.4.0-1086-azure #91~18.04.1-Ubuntu<br /> [ 14.506391] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022<br /> [ 14.506393] Workqueue: storvsc_error_wq_0 storvsc_remove_lun<br /> [ 14.506395] RIP: 0010:check_flush_dependency+0xb5/0x130<br /> <br /> [ 14.506408] Call Trace:<br /> [ 14.506412] __flush_work+0xf1/0x1c0<br /> [ 14.506414] __cancel_work_timer+0x12f/0x1b0<br /> [ 14.506417] ? kernfs_put+0xf0/0x190<br /> [ 14.506418] cancel_delayed_work_sync+0x13/0x20<br /> [ 14.506420] disk_block_events+0x78/0x80<br /> [ 14.506421] del_gendisk+0x3d/0x2f0<br /> [ 14.506423] sr_remove+0x28/0x70<br /> [ 14.506427] device_release_driver_internal+0xef/0x1c0<br /> [ 14.506428] device_release_driver+0x12/0x20<br /> [ 14.506429] bus_remove_device+0xe1/0x150<br /> [ 14.506431] device_del+0x167/0x380<br /> [ 14.506432] __scsi_remove_device+0x11d/0x150<br /> [ 14.506433] scsi_remove_device+0x26/0x40<br /> [ 14.506434] storvsc_remove_lun+0x40/0x60<br /> [ 14.506436] process_one_work+0x209/0x400<br /> [ 14.506437] worker_thread+0x34/0x400<br /> [ 14.506439] kthread+0x121/0x140<br /> [ 14.506440] ? process_one_work+0x400/0x400<br /> [ 14.506441] ? kthread_park+0x90/0x90<br /> [ 14.506443] ret_from_fork+0x35/0x40<br /> [ 14.506445] ---[ end trace 2d9633159fdc6ee7 ]---

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.15 (including) 4.19.257 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.20 (including) 5.4.212 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.140 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.64 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 5.19.6 (excluding)
cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools