CVE-2022-48653

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48653
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48653.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48653
Published
2024-04-28T13:15:07Z
Modified
2024-09-11T02:00:05Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

ice: Don't double unplug aux on peer initiated reset

In the IDC callback that is accessed when the aux drivers request a reset, the function to unplug the aux devices is called. This function is also called in the ice_prepare_for_reset function. This double call is causing a "scheduling while atomic" BUG.

[ 662.676430] ice 0000:4c:00.0 rocep76s0: cqp opcode = 0x1 maj_err_code = 0xffff min_err_code = 0x8003
[ 662.676609] ice 0000:4c:00.0 rocep76s0: [Modify QP Cmd Error][op_code=8] status=-29 waiting=1 completion_err=1 maj=0xffff min=0x8003
[ 662.815006] ice 0000:4c:00.0 rocep76s0: ICE OICR event notification: oicr = 0x10000003
[ 662.815014] ice 0000:4c:00.0 rocep76s0: critical PE Error, GLPE_CRITERR=0x00011424
[ 662.815017] ice 0000:4c:00.0 rocep76s0: Requesting a reset
[ 662.815475] BUG: scheduling while atomic: swapper/37/0/0x00010002
[ 662.815475] BUG: scheduling while atomic: swapper/37/0/0x00010002
[ 662.815477] Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs rfkill 8021q garp mrp stp llc vfat fat rpcrdma intel_rapl_msr intel_rapl_common sunrpc i10nm_edac rdma_ucm nfit ib_srpt libnvdimm ib_isert iscsi_target_mod x86_pkg_temp_thermal intel_powerclamp coretemp target_core_mod snd_hda_intel ib_iser snd_intel_dspcfg libiscsi snd_intel_sdw_acpi scsi_transport_iscsi kvm_intel iTCO_wdt rdma_cm snd_hda_codec kvm iw_cm ipmi_ssif iTCO_vendor_support snd_hda_core irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hwdep snd_seq snd_seq_device rapl snd_pcm snd_timer isst_if_mbox_pci pcspkr isst_if_mmio irdma intel_uncore idxd acpi_ipmi joydev isst_if_common snd mei_me idxd_bus ipmi_si soundcore i2c_i801 mei ipmi_devintf i2c_smbus i2c_ismt ipmi_msghandler acpi_power_meter acpi_pad rv(OE) ib_uverbs ib_cm ib_core xfs libcrc32c ast i2c_algo_bit drm_vram_helper drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm_ttm_helpe r ttm
[ 662.815546] nvme nvme_core ice drm crc32c_intel i40e t10_pi wmi pinctrl_emmitsburg dm_mirror dm_region_hash dm_log dm_mod fuse
[ 662.815557] Preemption disabled at:
[ 662.815558] [<0000000000000000>] 0x0
[ 662.815563] CPU: 37 PID: 0 Comm: swapper/37 Kdump: loaded Tainted: G S OE 5.17.1 #2
[ 662.815566] Hardware name: Intel Corporation D50DNP/D50DNP, BIOS SE5C6301.86B.6624.D18.2111021741 11/02/2021
[ 662.815568] Call Trace:
[ 662.815572] <IRQ>
[ 662.815574] dump_stack_lvl+0x33/0x42
[ 662.815581] __schedule_bug.cold.147+0x7d/0x8a
[ 662.815588] __schedule+0x798/0x990
[ 662.815595] schedule+0x44/0xc0
[ 662.815597] schedule_preempt_disabled+0x14/0x20
[ 662.815600] __mutex_lock.isra.11+0x46c/0x490
[ 662.815603] ? __ibdev_printk+0x76/0xc0 [ib_core]
[ 662.815633] device_del+0x37/0x3d0
[ 662.815639] ice_unplug_aux_dev+0x1a/0x40 [ice]
[ 662.815674] ice_schedule_reset+0x3c/0xd0 [ice]
[ 662.815693] irdma_iidc_event_handler.cold.7+0xb6/0xd3 [irdma]
[ 662.815712] ? bitmap_find_next_zero_area_off+0x45/0xa0
[ 662.815719] ice_send_event_to_aux+0x54/0x70 [ice]
[ 662.815741] ice_misc_intr+0x21d/0x2d0 [ice]
[ 662.815756] __handle_irq_event_percpu+0x4c/0x180
[ 662.815762] handle_irq_event_percpu+0xf/0x40
[ 662.815764] handle_irq_event+0x34/0x60
[ 662.815766] handle_edge_irq+0x9a/0x1c0
[ 662.815770] __common_interrupt+0x62/0x100
[ 662.815774] common_interrupt+0xb4/0xd0
[ 662.815779] </IRQ>
[ 662.815780] <TASK>
[ 662.815780] asm_common_interrupt+0x1e/0x40
[ 662.815785] RIP: 0010:cpuidle_enter_state+0xd6/0x380
[ 662.815789] Code: 49 89 c4 0f 1f 44 00 00 31 ff e8 65 d7 95 ff 45 84 ff 74 12 9c 58 f6 c4 02 0f 85 64 02 00 00 31 ff e8 ae c5 9c ff fb 45 85 f6 <0f> 88 12 01 00 00 49 63 d6 4c 2b 24 24 48 8d 04 52 48 8d 04 82 49
[ 662.815791] RSP: 0018:ff2c2c4f18edbe80 EFLAGS: 00000202
[ 662.815793] RAX: ff280805df140000 RBX: 0000000000000002 RCX: 000000000000001f
[ 662.815795] RDX: 0000009a52da2d08 R ---truncated---

Affected packages

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.0.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.0.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}