CVE-2022-50062 (GCVE-0-2022-50062)
Vulnerability from cvelistv5
Published
2025-06-18 11:02
Modified
2025-06-18 11:02
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: net: bgmac: Fix a BUG triggered by wrong bytes_compl On one of our machines we got: kernel BUG at lib/dynamic_queue_limits.c:27! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM CPU: 0 PID: 1166 Comm: irq/41-bgmac Tainted: G W O 4.14.275-rt132 #1 Hardware name: BRCM XGS iProc task: ee3415c0 task.stack: ee32a000 PC is at dql_completed+0x168/0x178 LR is at bgmac_poll+0x18c/0x6d8 pc : [<c03b9430>] lr : [<c04b5a18>] psr: 800a0313 sp : ee32be14 ip : 000005ea fp : 00000bd4 r10: ee558500 r9 : c0116298 r8 : 00000002 r7 : 00000000 r6 : ef128810 r5 : 01993267 r4 : 01993851 r3 : ee558000 r2 : 000070e1 r1 : 00000bd4 r0 : ee52c180 Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 12c5387d Table: 8e88c04a DAC: 00000051 Process irq/41-bgmac (pid: 1166, stack limit = 0xee32a210) Stack: (0xee32be14 to 0xee32c000) be00: ee558520 ee52c100 ef128810 be20: 00000000 00000002 c0116298 c04b5a18 00000000 c0a0c8c4 c0951780 00000040 be40: c0701780 ee558500 ee55d520 ef05b340 ef6f9780 ee558520 00000001 00000040 be60: ffffe000 c0a56878 ef6fa040 c0952040 0000012c c0528744 ef6f97b0 fffcfb6a be80: c0a04104 2eda8000 c0a0c4ec c0a0d368 ee32bf44 c0153534 ee32be98 ee32be98 bea0: ee32bea0 ee32bea0 ee32bea8 ee32bea8 00000000 c01462e4 ffffe000 ef6f22a8 bec0: ffffe000 00000008 ee32bee4 c0147430 ffffe000 c094a2a8 00000003 ffffe000 bee0: c0a54528 00208040 0000000c c0a0c8c4 c0a65980 c0124d3c 00000008 ee558520 bf00: c094a23c c0a02080 00000000 c07a9910 ef136970 ef136970 ee30a440 ef136900 bf20: ee30a440 00000001 ef136900 ee30a440 c016d990 00000000 c0108db0 c012500c bf40: ef136900 c016da14 ee30a464 ffffe000 00000001 c016dd14 00000000 c016db28 bf60: ffffe000 ee21a080 ee30a400 00000000 ee32a000 ee30a440 c016dbfc ee25fd70 bf80: ee21a09c c013edcc ee32a000 ee30a400 c013ec7c 00000000 00000000 00000000 bfa0: 00000000 00000000 00000000 c0108470 00000000 00000000 00000000 00000000 bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [<c03b9430>] (dql_completed) from [<c04b5a18>] (bgmac_poll+0x18c/0x6d8) [<c04b5a18>] (bgmac_poll) from [<c0528744>] (net_rx_action+0x1c4/0x494) [<c0528744>] (net_rx_action) from [<c0124d3c>] (do_current_softirqs+0x1ec/0x43c) [<c0124d3c>] (do_current_softirqs) from [<c012500c>] (__local_bh_enable+0x80/0x98) [<c012500c>] (__local_bh_enable) from [<c016da14>] (irq_forced_thread_fn+0x84/0x98) [<c016da14>] (irq_forced_thread_fn) from [<c016dd14>] (irq_thread+0x118/0x1c0) [<c016dd14>] (irq_thread) from [<c013edcc>] (kthread+0x150/0x158) [<c013edcc>] (kthread) from [<c0108470>] (ret_from_fork+0x14/0x24) Code: a83f15e0 0200001a 0630a0e1 c3ffffea (f201f0e7) The issue seems similar to commit 90b3b339364c ("net: hisilicon: Fix a BUG trigered by wrong bytes_compl") and potentially introduced by commit b38c83dd0866 ("bgmac: simplify tx ring index handling"). If there is an RX interrupt between setting ring->end and netdev_sent_queue() we can hit the BUG_ON as bgmac_dma_tx_free() can miscalculate the queue size while called from bgmac_poll(). The machine which triggered the BUG runs a v4.14 RT kernel - but the issue seems present in mainline too.
References
Impacted products
Vendor Product Version
Linux Linux Version: b38c83dd08665a93e439c4ffd9eef31bc098a6ea
Version: b38c83dd08665a93e439c4ffd9eef31bc098a6ea
Version: b38c83dd08665a93e439c4ffd9eef31bc098a6ea
Version: b38c83dd08665a93e439c4ffd9eef31bc098a6ea
Version: b38c83dd08665a93e439c4ffd9eef31bc098a6ea
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/broadcom/bgmac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ac6d4482f29ab992b605c1b4bd1347f1f679f4e4",
              "status": "affected",
              "version": "b38c83dd08665a93e439c4ffd9eef31bc098a6ea",
              "versionType": "git"
            },
            {
              "lessThan": "ab2b55bb25db289ba0b68e3d58494476bdb1041d",
              "status": "affected",
              "version": "b38c83dd08665a93e439c4ffd9eef31bc098a6ea",
              "versionType": "git"
            },
            {
              "lessThan": "c506c9a97120f43257e9b3ce7b1f9a24eafc3787",
              "status": "affected",
              "version": "b38c83dd08665a93e439c4ffd9eef31bc098a6ea",
              "versionType": "git"
            },
            {
              "lessThan": "da1421a29d3b8681ba6a7f686bd0b40dda5acaf3",
              "status": "affected",
              "version": "b38c83dd08665a93e439c4ffd9eef31bc098a6ea",
              "versionType": "git"
            },
            {
              "lessThan": "1b7680c6c1f6de9904f1d9b05c952f0c64a03350",
              "status": "affected",
              "version": "b38c83dd08665a93e439c4ffd9eef31bc098a6ea",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/broadcom/bgmac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.138",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.211",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.138",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.63",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19.4",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bgmac: Fix a BUG triggered by wrong bytes_compl\n\nOn one of our machines we got:\n\nkernel BUG at lib/dynamic_queue_limits.c:27!\nInternal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM\nCPU: 0 PID: 1166 Comm: irq/41-bgmac Tainted: G        W  O    4.14.275-rt132 #1\nHardware name: BRCM XGS iProc\ntask: ee3415c0 task.stack: ee32a000\nPC is at dql_completed+0x168/0x178\nLR is at bgmac_poll+0x18c/0x6d8\npc : [\u003cc03b9430\u003e]    lr : [\u003cc04b5a18\u003e]    psr: 800a0313\nsp : ee32be14  ip : 000005ea  fp : 00000bd4\nr10: ee558500  r9 : c0116298  r8 : 00000002\nr7 : 00000000  r6 : ef128810  r5 : 01993267  r4 : 01993851\nr3 : ee558000  r2 : 000070e1  r1 : 00000bd4  r0 : ee52c180\nFlags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none\nControl: 12c5387d  Table: 8e88c04a  DAC: 00000051\nProcess irq/41-bgmac (pid: 1166, stack limit = 0xee32a210)\nStack: (0xee32be14 to 0xee32c000)\nbe00:                                              ee558520 ee52c100 ef128810\nbe20: 00000000 00000002 c0116298 c04b5a18 00000000 c0a0c8c4 c0951780 00000040\nbe40: c0701780 ee558500 ee55d520 ef05b340 ef6f9780 ee558520 00000001 00000040\nbe60: ffffe000 c0a56878 ef6fa040 c0952040 0000012c c0528744 ef6f97b0 fffcfb6a\nbe80: c0a04104 2eda8000 c0a0c4ec c0a0d368 ee32bf44 c0153534 ee32be98 ee32be98\nbea0: ee32bea0 ee32bea0 ee32bea8 ee32bea8 00000000 c01462e4 ffffe000 ef6f22a8\nbec0: ffffe000 00000008 ee32bee4 c0147430 ffffe000 c094a2a8 00000003 ffffe000\nbee0: c0a54528 00208040 0000000c c0a0c8c4 c0a65980 c0124d3c 00000008 ee558520\nbf00: c094a23c c0a02080 00000000 c07a9910 ef136970 ef136970 ee30a440 ef136900\nbf20: ee30a440 00000001 ef136900 ee30a440 c016d990 00000000 c0108db0 c012500c\nbf40: ef136900 c016da14 ee30a464 ffffe000 00000001 c016dd14 00000000 c016db28\nbf60: ffffe000 ee21a080 ee30a400 00000000 ee32a000 ee30a440 c016dbfc ee25fd70\nbf80: ee21a09c c013edcc ee32a000 ee30a400 c013ec7c 00000000 00000000 00000000\nbfa0: 00000000 00000000 00000000 c0108470 00000000 00000000 00000000 00000000\nbfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\nbfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000\n[\u003cc03b9430\u003e] (dql_completed) from [\u003cc04b5a18\u003e] (bgmac_poll+0x18c/0x6d8)\n[\u003cc04b5a18\u003e] (bgmac_poll) from [\u003cc0528744\u003e] (net_rx_action+0x1c4/0x494)\n[\u003cc0528744\u003e] (net_rx_action) from [\u003cc0124d3c\u003e] (do_current_softirqs+0x1ec/0x43c)\n[\u003cc0124d3c\u003e] (do_current_softirqs) from [\u003cc012500c\u003e] (__local_bh_enable+0x80/0x98)\n[\u003cc012500c\u003e] (__local_bh_enable) from [\u003cc016da14\u003e] (irq_forced_thread_fn+0x84/0x98)\n[\u003cc016da14\u003e] (irq_forced_thread_fn) from [\u003cc016dd14\u003e] (irq_thread+0x118/0x1c0)\n[\u003cc016dd14\u003e] (irq_thread) from [\u003cc013edcc\u003e] (kthread+0x150/0x158)\n[\u003cc013edcc\u003e] (kthread) from [\u003cc0108470\u003e] (ret_from_fork+0x14/0x24)\nCode: a83f15e0 0200001a 0630a0e1 c3ffffea (f201f0e7)\n\nThe issue seems similar to commit 90b3b339364c (\"net: hisilicon: Fix a BUG\ntrigered by wrong bytes_compl\") and potentially introduced by commit\nb38c83dd0866 (\"bgmac: simplify tx ring index handling\").\n\nIf there is an RX interrupt between setting ring-\u003eend\nand netdev_sent_queue() we can hit the BUG_ON as bgmac_dma_tx_free()\ncan miscalculate the queue size while called from bgmac_poll().\n\nThe machine which triggered the BUG runs a v4.14 RT kernel - but the issue\nseems present in mainline too."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-18T11:02:09.871Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ac6d4482f29ab992b605c1b4bd1347f1f679f4e4"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab2b55bb25db289ba0b68e3d58494476bdb1041d"
        },
        {
          "url": "https://git.kernel.org/stable/c/c506c9a97120f43257e9b3ce7b1f9a24eafc3787"
        },
        {
          "url": "https://git.kernel.org/stable/c/da1421a29d3b8681ba6a7f686bd0b40dda5acaf3"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b7680c6c1f6de9904f1d9b05c952f0c64a03350"
        }
      ],
      "title": "net: bgmac: Fix a BUG triggered by wrong bytes_compl",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50062",
    "datePublished": "2025-06-18T11:02:09.871Z",
    "dateReserved": "2025-06-18T10:57:27.404Z",
    "dateUpdated": "2025-06-18T11:02:09.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-50062\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-06-18T11:15:34.930\",\"lastModified\":\"2025-06-18T13:47:40.833\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: bgmac: Fix a BUG triggered by wrong bytes_compl\\n\\nOn one of our machines we got:\\n\\nkernel BUG at lib/dynamic_queue_limits.c:27!\\nInternal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM\\nCPU: 0 PID: 1166 Comm: irq/41-bgmac Tainted: G        W  O    4.14.275-rt132 #1\\nHardware name: BRCM XGS iProc\\ntask: ee3415c0 task.stack: ee32a000\\nPC is at dql_completed+0x168/0x178\\nLR is at bgmac_poll+0x18c/0x6d8\\npc : [\u003cc03b9430\u003e]    lr : [\u003cc04b5a18\u003e]    psr: 800a0313\\nsp : ee32be14  ip : 000005ea  fp : 00000bd4\\nr10: ee558500  r9 : c0116298  r8 : 00000002\\nr7 : 00000000  r6 : ef128810  r5 : 01993267  r4 : 01993851\\nr3 : ee558000  r2 : 000070e1  r1 : 00000bd4  r0 : ee52c180\\nFlags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none\\nControl: 12c5387d  Table: 8e88c04a  DAC: 00000051\\nProcess irq/41-bgmac (pid: 1166, stack limit = 0xee32a210)\\nStack: (0xee32be14 to 0xee32c000)\\nbe00:                                              ee558520 ee52c100 ef128810\\nbe20: 00000000 00000002 c0116298 c04b5a18 00000000 c0a0c8c4 c0951780 00000040\\nbe40: c0701780 ee558500 ee55d520 ef05b340 ef6f9780 ee558520 00000001 00000040\\nbe60: ffffe000 c0a56878 ef6fa040 c0952040 0000012c c0528744 ef6f97b0 fffcfb6a\\nbe80: c0a04104 2eda8000 c0a0c4ec c0a0d368 ee32bf44 c0153534 ee32be98 ee32be98\\nbea0: ee32bea0 ee32bea0 ee32bea8 ee32bea8 00000000 c01462e4 ffffe000 ef6f22a8\\nbec0: ffffe000 00000008 ee32bee4 c0147430 ffffe000 c094a2a8 00000003 ffffe000\\nbee0: c0a54528 00208040 0000000c c0a0c8c4 c0a65980 c0124d3c 00000008 ee558520\\nbf00: c094a23c c0a02080 00000000 c07a9910 ef136970 ef136970 ee30a440 ef136900\\nbf20: ee30a440 00000001 ef136900 ee30a440 c016d990 00000000 c0108db0 c012500c\\nbf40: ef136900 c016da14 ee30a464 ffffe000 00000001 c016dd14 00000000 c016db28\\nbf60: ffffe000 ee21a080 ee30a400 00000000 ee32a000 ee30a440 c016dbfc ee25fd70\\nbf80: ee21a09c c013edcc ee32a000 ee30a400 c013ec7c 00000000 00000000 00000000\\nbfa0: 00000000 00000000 00000000 c0108470 00000000 00000000 00000000 00000000\\nbfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\\nbfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000\\n[\u003cc03b9430\u003e] (dql_completed) from [\u003cc04b5a18\u003e] (bgmac_poll+0x18c/0x6d8)\\n[\u003cc04b5a18\u003e] (bgmac_poll) from [\u003cc0528744\u003e] (net_rx_action+0x1c4/0x494)\\n[\u003cc0528744\u003e] (net_rx_action) from [\u003cc0124d3c\u003e] (do_current_softirqs+0x1ec/0x43c)\\n[\u003cc0124d3c\u003e] (do_current_softirqs) from [\u003cc012500c\u003e] (__local_bh_enable+0x80/0x98)\\n[\u003cc012500c\u003e] (__local_bh_enable) from [\u003cc016da14\u003e] (irq_forced_thread_fn+0x84/0x98)\\n[\u003cc016da14\u003e] (irq_forced_thread_fn) from [\u003cc016dd14\u003e] (irq_thread+0x118/0x1c0)\\n[\u003cc016dd14\u003e] (irq_thread) from [\u003cc013edcc\u003e] (kthread+0x150/0x158)\\n[\u003cc013edcc\u003e] (kthread) from [\u003cc0108470\u003e] (ret_from_fork+0x14/0x24)\\nCode: a83f15e0 0200001a 0630a0e1 c3ffffea (f201f0e7)\\n\\nThe issue seems similar to commit 90b3b339364c (\\\"net: hisilicon: Fix a BUG\\ntrigered by wrong bytes_compl\\\") and potentially introduced by commit\\nb38c83dd0866 (\\\"bgmac: simplify tx ring index handling\\\").\\n\\nIf there is an RX interrupt between setting ring-\u003eend\\nand netdev_sent_queue() we can hit the BUG_ON as bgmac_dma_tx_free()\\ncan miscalculate the queue size while called from bgmac_poll().\\n\\nThe machine which triggered the BUG runs a v4.14 RT kernel - but the issue\\nseems present in mainline too.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: bgmac: Se corrige un ERROR provocado por bytes_compl incorrecto. En una de nuestras m\u00e1quinas obtuvimos: \u00a1ERROR del kernel en lib/dynamic_queue_limits.c:27! Error interno: Oops - BUG: 0 [#1] PREEMPT SMP ARM CPU: 0 PID: 1166 Comm: irq/41-bgmac Tainted: GWO 4.14.275-rt132 #1 Nombre del hardware: BRCM XGS Tarea iProc: ee3415c0 task.stack: ee32a000 La PC est\u00e1 en dql_completed+0x168/0x178 LR est\u00e1 en bgmac_poll+0x18c/0x6d8 pc : [] lr : [] psr: 800a0313 sp : ee32be14 ip : 000005ea fp : 00000bd4 r10: ee558500 r9 : c0116298 r8 : 00000002 r7 : 00000000 r6 : ef128810 r5 : 01993267 r4 : 01993851 r3 : ee558000 r2 : 000070e1 r1 : 00000bd4 r0 : ee52c180 Indicadores: Nzcv IRQ en FIQ en modo SVC_32 ISA ARM Segmento ninguno Control: 12c5387d Table: 8e88c04a DAC: 00000051 Process irq/41-bgmac (pid: 1166, stack limit = 0xee32a210) Stack: (0xee32be14 to 0xee32c000) be00: ee558520 ee52c100 ef128810 be20: 00000000 00000002 c0116298 c04b5a18 00000000 c0a0c8c4 c0951780 00000040 be40: c0701780 ee558500 ee55d520 ef05b340 ef6f9780 ee558520 00000001 00000040 be60: ffffe000 c0a56878 ef6fa040 c0952040 0000012c c0528744 ef6f97b0 fffcfb6a be80: c0a04104 2eda8000 c0a0c4ec c0a0d368 ee32bf44 c0153534 ee32be98 ee32be98 bea0: ee32bea0 ee32bea0 ee32bea8 ee32bea8 00000000 c01462e4 ffffe000 ef6f22a8 bec0: ffffe000 00000008 ee32bee4 c0147430 ffffe000 c094a2a8 00000003 ffffe000 bee0: c0a54528 00208040 0000000c c0a0c8c4 c0a65980 c0124d3c 00000008 ee558520 bf00: c094a23c c0a02080 00000000 c07a9910 ef136970 ef136970 ee30a440 ef136900 bf20: ee30a440 00000001 ef136900 ee30a440 c016d990 00000000 c0108db0 c012500c bf40: ef136900 c016da14 ee30a464 ffffe000 00000001 c016dd14 00000000 c016db28 bf60: ffffe000 ee21a080 ee30a400 00000000 ee32a000 ee30a440 c016dbfc ee25fd70 bf80: ee21a09c c013edcc ee32a000 ee30a400 c013ec7c 00000000 00000000 00000000 bfa0: 00000000 00000000 00000000 c0108470 00000000 00000000 00000000 00000000 bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [] (dql_completed) from [] (bgmac_poll+0x18c/0x6d8) [] (bgmac_poll) from [] (net_rx_action+0x1c4/0x494) [] (net_rx_action) from [] (do_current_softirqs+0x1ec/0x43c) [] (do_current_softirqs) from [] (__local_bh_enable+0x80/0x98) [] (__local_bh_enable) from [] (irq_forced_thread_fn+0x84/0x98) [] (irq_forced_thread_fn) from [] (irq_thread+0x118/0x1c0) [] (irq_thread) from [] (kthread+0x150/0x158) [] (kthread) from [] (ret_from_fork+0x14/0x24) Code: a83f15e0 0200001a 0630a0e1 c3ffffea (f201f0e7) El problema parece similar a el commit 90b3b339364c (\\\"net: hisilicon: Correcci\u00f3n de un error provocado por bytes_compl incorrecto\\\") y posiblemente introducido por el commit b38c83dd0866 (\\\"bgmac: simplificaci\u00f3n del manejo del \u00edndice del anillo de transmisi\u00f3n\\\"). Si hay una interrupci\u00f3n de recepci\u00f3n entre la configuraci\u00f3n de ring-\u0026gt;end y netdev_sent_queue(), podemos activar el error, ya que bgmac_dma_tx_free() puede calcular mal el tama\u00f1o de la cola al ser llamado desde bgmac_poll(). La m\u00e1quina que activ\u00f3 el error ejecuta un kernel RT v4.14, pero el problema tambi\u00e9n parece estar presente en la l\u00ednea principal.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1b7680c6c1f6de9904f1d9b05c952f0c64a03350\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ab2b55bb25db289ba0b68e3d58494476bdb1041d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ac6d4482f29ab992b605c1b4bd1347f1f679f4e4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c506c9a97120f43257e9b3ce7b1f9a24eafc3787\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/da1421a29d3b8681ba6a7f686bd0b40dda5acaf3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.