CVE-2022-48758

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48758
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48758.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48758
Related
Published
2024-06-20T12:15:13Z
Modified
2024-09-11T04:57:01.645793Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: bnx2fc: Flush destroywork queue before calling bnx2fcinterface_put()

The bnx2fcdestroy() functions are removing the interface before calling destroywork. This results multiple WARNings from sysfsremovegroup() as the controller rport device attributes are removed too early.

Replace the fcoeport's destroywork queue. It's not needed.

The problem is easily reproducible with the following steps.

Example:

$ dmesg -w & $ systemctl enable --now fcoe $ fipvlan -s -c ens2f1 $ fcoeadm -d ens2f1.802 [ 583.464488] host2: libfc: Link down on port (7500a1) [ 583.472651] bnx2fc: 7500a1 - rport not created Yet!! [ 583.490468] ------------[ cut here ]------------ [ 583.538725] sysfs group 'power' not found for kobject 'rport-2:0-0' [ 583.568814] WARNING: CPU: 3 PID: 192 at fs/sysfs/group.c:279 sysfsremovegroup+0x6f/0x80 [ 583.607130] Modules linked in: dmservicetime 8021q garp mrp stp llc bnx2fc cnic uio rpcsecgsskrb5 authrpcgss nfsv4 ... [ 583.942994] CPU: 3 PID: 192 Comm: kworker/3:2 Kdump: loaded Not tainted 5.14.0-39.el9.x8664 #1 [ 583.984105] Hardware name: HP ProLiant DL120 G7, BIOS J01 07/01/2013 [ 584.016535] Workqueue: fcwq2 fcrportfinaldelete [scsitransportfc] [ 584.050691] RIP: 0010:sysfsremovegroup+0x6f/0x80 [ 584.074725] Code: ff 5b 48 89 ef 5d 41 5c e9 ee c0 ff ff 48 89 ef e8 f6 b8 ff ff eb d1 49 8b 14 24 48 8b 33 48 c7 c7 ... [ 584.162586] RSP: 0018:ffffb567c15afdc0 EFLAGS: 00010282 [ 584.188225] RAX: 0000000000000000 RBX: ffffffff8eec4220 RCX: 0000000000000000 [ 584.221053] RDX: ffff8c1586ce84c0 RSI: ffff8c1586cd7cc0 RDI: ffff8c1586cd7cc0 [ 584.255089] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb567c15afc00 [ 584.287954] R10: ffffb567c15afbf8 R11: ffffffff8fbe7f28 R12: ffff8c1486326400 [ 584.322356] R13: ffff8c1486326480 R14: ffff8c1483a4a000 R15: 0000000000000004 [ 584.355379] FS: 0000000000000000(0000) GS:ffff8c1586cc0000(0000) knlGS:0000000000000000 [ 584.394419] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 584.421123] CR2: 00007fe95a6f7840 CR3: 0000000107674002 CR4: 00000000000606e0 [ 584.454888] Call Trace: [ 584.466108] devicedel+0xb2/0x3e0 [ 584.481701] deviceunregister+0x13/0x60 [ 584.501306] bsgunregisterqueue+0x5b/0x80 [ 584.522029] bsgremovequeue+0x1c/0x40 [ 584.541884] fcrportfinaldelete+0xf3/0x1d0 [scsitransportfc] [ 584.573823] processonework+0x1e3/0x3b0 [ 584.592396] workerthread+0x50/0x3b0 [ 584.609256] ? rescuerthread+0x370/0x370 [ 584.628877] kthread+0x149/0x170 [ 584.643673] ? setkthreadstruct+0x40/0x40 [ 584.662909] retfromfork+0x22/0x30 [ 584.680002] ---[ end trace 53575ecefa942ece ]---

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.103-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.16.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.16.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}