CVE-2022-48840
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-48840
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48840.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-48840
- Downstream
- Related
- Published
- 2024-07-16T12:25:11Z
- Modified
- 2025-10-13T13:59:17.697223Z
- Summary
- iavf: Fix hang during reboot/shutdown
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
iavf: Fix hang during reboot/shutdown
Recent commit 974578017fc1 ("iavf: Add waiting so the port is initialized in remove") adds a wait-loop at the beginning of iavfremove() to ensure that port initialization is finished prior unregistering net device. This causes a regression in reboot/shutdown scenario because in this case callback iavfshutdown() is called and this callback detaches the device, makes it down if it is running and sets its state to _IAVFREMOVE. Later shutdown callback of associated PF driver (e.g. iceshutdown) is called. That callback calls among other things sriovdisable() that calls indirectly iavfremove() (see stack trace below). As the adapter state is already _IAVF_REMOVE then the mentioned loop is end-less and shutdown process hangs.
The patch fixes this by checking adapter's state at the beginning of iavf_remove() and skips the rest of the function if the adapter is already in remove state (shutdown is in progress).
Reproducer: 1. Create VF on PF driven by ice or i40e driver 2. Ensure that the VF is bound to iavf driver 3. Reboot
[52625.981294] sysrq: SysRq : Show Blocked State [52625.988377] task:reboot state:D stack: 0 pid:17359 ppid: 1 f2 [52625.996732] Call Trace: [52625.999187] _schedule+0x2d1/0x830 [52626.007400] schedule+0x35/0xa0 [52626.010545] schedulehrtimeoutrangeclock+0x83/0x100 [52626.020046] usleeprange+0x5b/0x80 [52626.023540] iavfremove+0x63/0x5b0 [iavf] [52626.027645] pcideviceremove+0x3b/0xc0 [52626.031572] devicereleasedriverinternal+0x103/0x1f0 [52626.036805] pcistopbusdevice+0x72/0xa0 [52626.040904] pcistopandremovebusdevice+0xe/0x20 [52626.045870] pciiovremovevirtfn+0xba/0x120 [52626.050232] sriovdisable+0x2f/0xe0 [52626.053813] icefreevfs+0x7c/0x340 [ice] [52626.057946] iceremove+0x220/0x240 [ice] [52626.061967] iceshutdown+0x16/0x50 [ice] [52626.065987] pcideviceshutdown+0x34/0x60 [52626.070086] deviceshutdown+0x165/0x1c5 [52626.074011] kernelrestart+0xe/0x30 [52626.077593] _dosysreboot+0x1d2/0x210 [52626.093815] dosyscall64+0x5b/0x1a0 [52626.097483] entrySYSCALL64afterhwframe+0x65/0xca
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced85aa76066fef64de8a48d0da6b4071ceac455a94Fixed80974bb730270199c6fcb189af04d5945b87e813
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced7b9515172ab4d4c6ac0eae4b71013ee6ce932205Fixed4477b9a4193b35eb3a8afd2adf2d42add2f88d57
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced974578017fc1fdd06cea8afb9dfa32602e8529edFixedb04683ff8f0823b869c219c78ba0d974bddea0b5
Affected versions
v5.*
Database specific
{
"vanir_signatures": [
{
"deprecated": false,
"id": "CVE-2022-48840-23e93bd3",
"signature_version": "v1",
"digest": {
"line_hashes": [
"311192216552738283808741600039257685652",
"286782951986615137249058181717748778659",
"267234000003382139889664491766693969191"
],
"threshold": 0.9
},
"signature_type": "Line",
"target": {
"file": "drivers/net/ethernet/intel/iavf/iavf_main.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4477b9a4193b35eb3a8afd2adf2d42add2f88d57"
},
{
"deprecated": false,
"id": "CVE-2022-48840-57033e2d",
"signature_version": "v1",
"digest": {
"line_hashes": [
"311192216552738283808741600039257685652",
"286782951986615137249058181717748778659",
"267234000003382139889664491766693969191"
],
"threshold": 0.9
},
"signature_type": "Line",
"target": {
"file": "drivers/net/ethernet/intel/iavf/iavf_main.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b04683ff8f0823b869c219c78ba0d974bddea0b5"
},
{
"deprecated": false,
"id": "CVE-2022-48840-7bbace18",
"signature_version": "v1",
"digest": {
"length": 2812.0,
"function_hash": "122877316200313783425060512051729965166"
},
"signature_type": "Function",
"target": {
"function": "iavf_remove",
"file": "drivers/net/ethernet/intel/iavf/iavf_main.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@80974bb730270199c6fcb189af04d5945b87e813"
},
{
"deprecated": false,
"id": "CVE-2022-48840-829e5be2",
"signature_version": "v1",
"digest": {
"line_hashes": [
"311192216552738283808741600039257685652",
"286782951986615137249058181717748778659",
"267234000003382139889664491766693969191"
],
"threshold": 0.9
},
"signature_type": "Line",
"target": {
"file": "drivers/net/ethernet/intel/iavf/iavf_main.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@80974bb730270199c6fcb189af04d5945b87e813"
},
{
"deprecated": false,
"id": "CVE-2022-48840-92fc4c82",
"signature_version": "v1",
"digest": {
"length": 2812.0,
"function_hash": "122877316200313783425060512051729965166"
},
"signature_type": "Function",
"target": {
"function": "iavf_remove",
"file": "drivers/net/ethernet/intel/iavf/iavf_main.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b04683ff8f0823b869c219c78ba0d974bddea0b5"
},
{
"deprecated": false,
"id": "CVE-2022-48840-be54df07",
"signature_version": "v1",
"digest": {
"length": 2812.0,
"function_hash": "122877316200313783425060512051729965166"
},
"signature_type": "Function",
"target": {
"function": "iavf_remove",
"file": "drivers/net/ethernet/intel/iavf/iavf_main.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4477b9a4193b35eb3a8afd2adf2d42add2f88d57"
}
]
}