fkie_cve-2022-49584
Vulnerability from fkie_nvd
Published
2025-02-26 07:01
Modified
2025-02-26 07:01
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero It is possible to disable VFs while the PF driver is processing requests from the VF driver. This can result in a panic. BUG: unable to handle kernel paging request at 000000000000106c PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 8 PID: 0 Comm: swapper/8 Kdump: loaded Tainted: G I --------- - Hardware name: Dell Inc. PowerEdge R740/06WXJT, BIOS 2.8.2 08/27/2020 RIP: 0010:ixgbe_msg_task+0x4c8/0x1690 [ixgbe] Code: 00 00 48 8d 04 40 48 c1 e0 05 89 7c 24 24 89 fd 48 89 44 24 10 83 ff 01 0f 84 b8 04 00 00 4c 8b 64 24 10 4d 03 a5 48 22 00 00 <41> 80 7c 24 4c 00 0f 84 8a 03 00 00 0f b7 c7 83 f8 08 0f 84 8f 0a RSP: 0018:ffffb337869f8df8 EFLAGS: 00010002 RAX: 0000000000001020 RBX: 0000000000000000 RCX: 000000000000002b RDX: 0000000000000002 RSI: 0000000000000008 RDI: 0000000000000006 RBP: 0000000000000006 R08: 0000000000000002 R09: 0000000000029780 R10: 00006957d8f42832 R11: 0000000000000000 R12: 0000000000001020 R13: ffff8a00e8978ac0 R14: 000000000000002b R15: ffff8a00e8979c80 FS: 0000000000000000(0000) GS:ffff8a07dfd00000(0000) knlGS:00000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000106c CR3: 0000000063e10004 CR4: 00000000007726e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <IRQ> ? ttwu_do_wakeup+0x19/0x140 ? try_to_wake_up+0x1cd/0x550 ? ixgbevf_update_xcast_mode+0x71/0xc0 [ixgbevf] ixgbe_msix_other+0x17e/0x310 [ixgbe] __handle_irq_event_percpu+0x40/0x180 handle_irq_event_percpu+0x30/0x80 handle_irq_event+0x36/0x53 handle_edge_irq+0x82/0x190 handle_irq+0x1c/0x30 do_IRQ+0x49/0xd0 common_interrupt+0xf/0xf This can be eventually be reproduced with the following script: while : do echo 63 > /sys/class/net/<devname>/device/sriov_numvfs sleep 1 echo 0 > /sys/class/net/<devname>/device/sriov_numvfs sleep 1 done Add lock when disabling SR-IOV to prevent process VF mailbox communication.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/031af9e617a6f51075d97e56fc9e712c7dde2508
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/16f929a5e76fd047fd8697e1e568bdd7d771955c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1e53834ce541d4fe271cdcca7703e50be0a44f8a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9d925d2dc82cec2bcbd8625457645d8a548ab22e
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b82de63f8f817b5735480293dda8e92ba8170c52
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: Add locking to prevent panic when setting sriov_numvfs to zero\n\nIt is possible to disable VFs while the PF driver is processing requests\nfrom the VF driver.  This can result in a panic.\n\nBUG: unable to handle kernel paging request at 000000000000106c\nPGD 0 P4D 0\nOops: 0000 [#1] SMP NOPTI\nCPU: 8 PID: 0 Comm: swapper/8 Kdump: loaded Tainted: G I      --------- -\nHardware name: Dell Inc. PowerEdge R740/06WXJT, BIOS 2.8.2 08/27/2020\nRIP: 0010:ixgbe_msg_task+0x4c8/0x1690 [ixgbe]\nCode: 00 00 48 8d 04 40 48 c1 e0 05 89 7c 24 24 89 fd 48 89 44 24 10 83 ff\n01 0f 84 b8 04 00 00 4c 8b 64 24 10 4d 03 a5 48 22 00 00 \u003c41\u003e 80 7c 24 4c\n00 0f 84 8a 03 00 00 0f b7 c7 83 f8 08 0f 84 8f 0a\nRSP: 0018:ffffb337869f8df8 EFLAGS: 00010002\nRAX: 0000000000001020 RBX: 0000000000000000 RCX: 000000000000002b\nRDX: 0000000000000002 RSI: 0000000000000008 RDI: 0000000000000006\nRBP: 0000000000000006 R08: 0000000000000002 R09: 0000000000029780\nR10: 00006957d8f42832 R11: 0000000000000000 R12: 0000000000001020\nR13: ffff8a00e8978ac0 R14: 000000000000002b R15: ffff8a00e8979c80\nFS:  0000000000000000(0000) GS:ffff8a07dfd00000(0000) knlGS:00000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000000106c CR3: 0000000063e10004 CR4: 00000000007726e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ? ttwu_do_wakeup+0x19/0x140\n ? try_to_wake_up+0x1cd/0x550\n ? ixgbevf_update_xcast_mode+0x71/0xc0 [ixgbevf]\n ixgbe_msix_other+0x17e/0x310 [ixgbe]\n __handle_irq_event_percpu+0x40/0x180\n handle_irq_event_percpu+0x30/0x80\n handle_irq_event+0x36/0x53\n handle_edge_irq+0x82/0x190\n handle_irq+0x1c/0x30\n do_IRQ+0x49/0xd0\n common_interrupt+0xf/0xf\n\nThis can be eventually be reproduced with the following script:\n\nwhile :\ndo\n    echo 63 \u003e /sys/class/net/\u003cdevname\u003e/device/sriov_numvfs\n    sleep 1\n    echo 0 \u003e /sys/class/net/\u003cdevname\u003e/device/sriov_numvfs\n    sleep 1\ndone\n\nAdd lock when disabling SR-IOV to prevent process VF mailbox communication."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ixgbe: agregar bloqueo para evitar p\u00e1nico al configurar sriov_numvfs en cero Es posible deshabilitar las VF mientras el controlador PF est\u00e1 procesando solicitudes del controlador VF. Esto puede generar un p\u00e1nico. ERROR: no se puede gestionar la solicitud de paginaci\u00f3n del kernel en 000000000000106c PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 8 PID: 0 Comm: swapper/8 Kdump: loaded Tainted: G I --------- - Hardware name: Dell Inc. PowerEdge R740/06WXJT, BIOS 2.8.2 08/27/2020 RIP: 0010:ixgbe_msg_task+0x4c8/0x1690 [ixgbe] Code: 00 00 48 8d 04 40 48 c1 e0 05 89 7c 24 24 89 fd 48 89 44 24 10 83 ff 01 0f 84 b8 04 00 00 4c 8b 64 24 10 4d 03 a5 48 22 00 00 \u0026lt;41\u0026gt; 80 7c 24 4c 00 0f 84 8a 03 00 00 0f b7 c7 83 f8 08 0f 84 8f 0a RSP: 0018:ffffb337869f8df8 EFLAGS: 00010002 RAX: 0000000000001020 RBX: 0000000000000000 RCX: 000000000000002b RDX: 0000000000000002 RSI: 0000000000000008 RDI: 0000000000000006 RBP: 0000000000000006 R08: 0000000000000002 R09: 0000000000029780 R10: 00006957d8f42832 R11: 0000000000000000 R12: 0000000000001020 R13: ffff8a00e8978ac0 R14: 000000000000002b R15: ffff8a00e8979c80 FS: 0000000000000000(0000) GS:ffff8a07dfd00000(0000) knlGS:00000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000106c CR3: 0000000063e10004 CR4: 00000000007726e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace:  ? ttwu_do_wakeup+0x19/0x140 ? try_to_wake_up+0x1cd/0x550 ? ixgbevf_update_xcast_mode+0x71/0xc0 [ixgbevf] ixgbe_msix_other+0x17e/0x310 [ixgbe] __handle_irq_event_percpu+0x40/0x180 handle_irq_event_percpu+0x30/0x80 handle_irq_event+0x36/0x53 handle_edge_irq+0x82/0x190 handle_irq+0x1c/0x30 do_IRQ+0x49/0xd0 common_interrupt+0xf/0xf  Esto puede reproducirse eventualmente con el siguiente script: while : do echo 63 \u0026gt; /sys/class/net//device/sriov_numvfs sleep 1 echo 0 \u0026gt; /sys/class/net//device/sriov_numvfs sleep 1 done Agregar bloqueo al deshabilitar SR-IOV para evitar la comunicaci\u00f3n del buz\u00f3n VF del proceso."
    }
  ],
  "id": "CVE-2022-49584",
  "lastModified": "2025-02-26T07:01:33.987",
  "metrics": {},
  "published": "2025-02-26T07:01:33.987",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/031af9e617a6f51075d97e56fc9e712c7dde2508"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/16f929a5e76fd047fd8697e1e568bdd7d771955c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1e53834ce541d4fe271cdcca7703e50be0a44f8a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/9d925d2dc82cec2bcbd8625457645d8a548ab22e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/b82de63f8f817b5735480293dda8e92ba8170c52"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.