CVE-2022-48653

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48653
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48653.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48653
Downstream
Related
Published
2024-04-28T13:00:52Z
Modified
2025-10-08T06:29:42.178523Z
Summary
ice: Don't double unplug aux on peer initiated reset
Details

In the Linux kernel, the following vulnerability has been resolved:

ice: Don't double unplug aux on peer initiated reset

In the IDC callback that is accessed when the aux drivers request a reset, the function to unplug the aux devices is called. This function is also called in the icepreparefor_reset function. This double call is causing a "scheduling while atomic" BUG.

[ 662.676430] ice 0000:4c:00.0 rocep76s0: cqp opcode = 0x1 majerrcode = 0xffff minerrcode = 0x8003

[ 662.676609] ice 0000:4c:00.0 rocep76s0: [Modify QP Cmd Error][opcode=8] status=-29 waiting=1 completionerr=1 maj=0xffff min=0x8003

[ 662.815006] ice 0000:4c:00.0 rocep76s0: ICE OICR event notification: oicr = 0x10000003

[ 662.815014] ice 0000:4c:00.0 rocep76s0: critical PE Error, GLPE_CRITERR=0x00011424

[ 662.815017] ice 0000:4c:00.0 rocep76s0: Requesting a reset

[ 662.815475] BUG: scheduling while atomic: swapper/37/0/0x00010002

[ 662.815475] BUG: scheduling while atomic: swapper/37/0/0x00010002 [ 662.815477] Modules linked in: rpcsecgsskrb5 authrpcgss nfsv4 dnsresolver nfs lockd grace fscache netfs rfkill 8021q garp mrp stp llc vfat fat rpcrdma intelraplmsr intelraplcommon sunrpc i10nmedac rdmaucm nfit ibsrpt libnvdimm ibisert iscsitargetmod x86pkgtempthermal intelpowerclamp coretemp targetcoremod sndhdaintel ibiser sndinteldspcfg libiscsi sndintelsdwacpi scsitransportiscsi kvmintel iTCOwdt rdmacm sndhdacodec kvm iwcm ipmissif iTCOvendorsupport sndhdacore irqbypass crct10difpclmul crc32pclmul ghashclmulniintel sndhwdep sndseq sndseqdevice rapl sndpcm sndtimer isstifmboxpci pcspkr isstifmmio irdma inteluncore idxd acpiipmi joydev isstifcommon snd meime idxdbus ipmisi soundcore i2ci801 mei ipmidevintf i2csmbus i2cismt ipmimsghandler acpipowermeter acpipad rv(OE) ibuverbs ibcm ibcore xfs libcrc32c ast i2calgobit drmvramhelper drmkmshelper syscopyarea sysfillrect sysimgblt fbsysfops drmttmhelpe r ttm [ 662.815546] nvme nvmecore ice drm crc32cintel i40e t10pi wmi pinctrlemmitsburg dmmirror dmregionhash dmlog dmmod fuse [ 662.815557] Preemption disabled at: [ 662.815558] [<0000000000000000>] 0x0 [ 662.815563] CPU: 37 PID: 0 Comm: swapper/37 Kdump: loaded Tainted: G S OE 5.17.1 #2 [ 662.815566] Hardware name: Intel Corporation D50DNP/D50DNP, BIOS SE5C6301.86B.6624.D18.2111021741 11/02/2021 [ 662.815568] Call Trace: [ 662.815572] <IRQ> [ 662.815574] dumpstacklvl+0x33/0x42 [ 662.815581] _schedulebug.cold.147+0x7d/0x8a [ 662.815588] _schedule+0x798/0x990 [ 662.815595] schedule+0x44/0xc0 [ 662.815597] schedulepreemptdisabled+0x14/0x20 [ 662.815600] _mutexlock.isra.11+0x46c/0x490 [ 662.815603] ? _ibdevprintk+0x76/0xc0 [ibcore] [ 662.815633] devicedel+0x37/0x3d0 [ 662.815639] iceunplugauxdev+0x1a/0x40 [ice] [ 662.815674] iceschedulereset+0x3c/0xd0 [ice] [ 662.815693] irdmaiidceventhandler.cold.7+0xb6/0xd3 [irdma] [ 662.815712] ? bitmapfindnextzeroareaoff+0x45/0xa0 [ 662.815719] icesendeventtoaux+0x54/0x70 [ice] [ 662.815741] icemiscintr+0x21d/0x2d0 [ice] [ 662.815756] _handleirqeventpercpu+0x4c/0x180 [ 662.815762] handleirqeventpercpu+0xf/0x40 [ 662.815764] handleirqevent+0x34/0x60 [ 662.815766] handleedgeirq+0x9a/0x1c0 [ 662.815770] _commoninterrupt+0x62/0x100 [ 662.815774] commoninterrupt+0xb4/0xd0 [ 662.815779] </IRQ> [ 662.815780] <TASK> [ 662.815780] asmcommoninterrupt+0x1e/0x40 [ 662.815785] RIP: 0010:cpuidleenter_state+0xd6/0x380 [ 662.815789] Code: 49 89 c4 0f 1f 44 00 00 31 ff e8 65 d7 95 ff 45 84 ff 74 12 9c 58 f6 c4 02 0f 85 64 02 00 00 31 ff e8 ae c5 9c ff fb 45 85 f6 <0f> 88 12 01 00 00 49 63 d6 4c 2b 24 24 48 8d 04 52 48 8d 04 82 49 [ 662.815791] RSP: 0018:ff2c2c4f18edbe80 EFLAGS: 00000202 [ 662.815793] RAX: ff280805df140000 RBX: 0000000000000002 RCX: 000000000000001f [ 662.815795] RDX: 0000009a52da2d08 R ---truncated---

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f9f5301e7e2d4fa2445aab3ec889dac6b34ea63e
Fixed
34447d64b8d28e4d6a73d73f07c879959d68fbfe
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f9f5301e7e2d4fa2445aab3ec889dac6b34ea63e
Fixed
149979e87eb7a365d3d0b259bed79d84ff585a93
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f9f5301e7e2d4fa2445aab3ec889dac6b34ea63e
Fixed
23c619190318376769ad7b61504c2ea0703fb783

Affected versions

v5.*

v5.13
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.64
v5.15.65
v5.15.66
v5.15.67
v5.15.68
v5.15.69
v5.15.7
v5.15.70
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.19.1
v5.19.10
v5.19.11
v5.19.2
v5.19.3
v5.19.4
v5.19.5
v5.19.6
v5.19.7
v5.19.8
v5.19.9

v6.*

v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4

Database specific

{
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@149979e87eb7a365d3d0b259bed79d84ff585a93",
            "digest": {
                "length": 644.0,
                "function_hash": "10895327418175042135291981683179837234"
            },
            "id": "CVE-2022-48653-04bbacdb",
            "target": {
                "file": "drivers/net/ethernet/intel/ice/ice_main.c",
                "function": "ice_schedule_reset"
            },
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23c619190318376769ad7b61504c2ea0703fb783",
            "digest": {
                "line_hashes": [
                    "8413680103014723181677098448841755695",
                    "190376130532543965820299467487270455772",
                    "29224450904562260350220055363376236178",
                    "255494840582271667276040576369175547793"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2022-48653-73d071e8",
            "target": {
                "file": "drivers/net/ethernet/intel/ice/ice_main.c"
            },
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@34447d64b8d28e4d6a73d73f07c879959d68fbfe",
            "digest": {
                "line_hashes": [
                    "8413680103014723181677098448841755695",
                    "190376130532543965820299467487270455772",
                    "29224450904562260350220055363376236178",
                    "255494840582271667276040576369175547793"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2022-48653-8421ff00",
            "target": {
                "file": "drivers/net/ethernet/intel/ice/ice_main.c"
            },
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23c619190318376769ad7b61504c2ea0703fb783",
            "digest": {
                "length": 644.0,
                "function_hash": "10895327418175042135291981683179837234"
            },
            "id": "CVE-2022-48653-8c037c09",
            "target": {
                "file": "drivers/net/ethernet/intel/ice/ice_main.c",
                "function": "ice_schedule_reset"
            },
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@149979e87eb7a365d3d0b259bed79d84ff585a93",
            "digest": {
                "line_hashes": [
                    "8413680103014723181677098448841755695",
                    "190376130532543965820299467487270455772",
                    "29224450904562260350220055363376236178",
                    "255494840582271667276040576369175547793"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2022-48653-ca3a9606",
            "target": {
                "file": "drivers/net/ethernet/intel/ice/ice_main.c"
            },
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@34447d64b8d28e4d6a73d73f07c879959d68fbfe",
            "digest": {
                "length": 644.0,
                "function_hash": "10895327418175042135291981683179837234"
            },
            "id": "CVE-2022-48653-f7cc4ccb",
            "target": {
                "file": "drivers/net/ethernet/intel/ice/ice_main.c",
                "function": "ice_schedule_reset"
            },
            "signature_version": "v1"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.14.0
Fixed
5.15.71
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.19.12