admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2022/48xxx/CVE-2022-48941.json
CVE Team 9f03fe71f2
"-Synchronized-Data."
2024-11-04 13:01:28 +00:00

124 lines
7.1 KiB
JSON
Raw Blame History

{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-48941",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix concurrent reset and removal of VFs\n\nCommit c503e63200c6 (\"ice: Stop processing VF messages during teardown\")\nintroduced a driver state flag, ICE_VF_DEINIT_IN_PROGRESS, which is\nintended to prevent some issues with concurrently handling messages from\nVFs while tearing down the VFs.\n\nThis change was motivated by crashes caused while tearing down and\nbringing up VFs in rapid succession.\n\nIt turns out that the fix actually introduces issues with the VF driver\ncaused because the PF no longer responds to any messages sent by the VF\nduring its .remove routine. This results in the VF potentially removing\nits DMA memory before the PF has shut down the device queues.\n\nAdditionally, the fix doesn't actually resolve concurrency issues within\nthe ice driver. It is possible for a VF to initiate a reset just prior\nto the ice driver removing VFs. This can result in the remove task\nconcurrently operating while the VF is being reset. This results in\nsimilar memory corruption and panics purportedly fixed by that commit.\n\nFix this concurrency at its root by protecting both the reset and\nremoval flows using the existing VF cfg_lock. This ensures that we\ncannot remove the VF while any outstanding critical tasks such as a\nvirtchnl message or a reset are occurring.\n\nThis locking change also fixes the root cause originally fixed by commit\nc503e63200c6 (\"ice: Stop processing VF messages during teardown\"), so we\ncan simply revert it.\n\nNote that I kept these two changes together because simply reverting the\noriginal commit alone would leave the driver vulnerable to worse race\nconditions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "c503e63200c6",
"version_value": "05ae1f0fe9c6"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.14",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.104",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.26",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.16.12",
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.17",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/05ae1f0fe9c6c5ead08b306e665763a352d20716",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/05ae1f0fe9c6c5ead08b306e665763a352d20716"
},
{
"url": "https://git.kernel.org/stable/c/3c805fce07c9dbc47d8a9129c7c5458025951957",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3c805fce07c9dbc47d8a9129c7c5458025951957"
},
{
"url": "https://git.kernel.org/stable/c/2a3e61de89bab6696aa28b70030eb119968c5586",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2a3e61de89bab6696aa28b70030eb119968c5586"
},
{
"url": "https://git.kernel.org/stable/c/fadead80fe4c033b5e514fcbadd20b55c4494112",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fadead80fe4c033b5e514fcbadd20b55c4494112"
}
]
},
"generator": {
"engine": "bippy-9e1c9544281a"
}
}
Reference in New Issue View Git Blame Copy Permalink