CVE-2022-48985

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48985
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48985.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48985
Downstream
Related
Published
2024-10-21T20:06:01Z
Modified
2025-10-08T07:23:22.608331Z
Summary
net: mana: Fix race on per-CQ variable napi work_done
Details

In the Linux kernel, the following vulnerability has been resolved:

net: mana: Fix race on per-CQ variable napi work_done

After calling napi_complete_done(), the NAPIF_STATE_SCHED bit may be cleared, and another CPU can start napi thread and access per-CQ variable, cq->work_done. If the other thread (for example, from busy_poll) sets it to a value >= budget, this thread will continue to run when it should stop, and cause memory corruption and panic.

To fix this issue, save the per-CQ work_done variable in a local variable before napi_complete_done(), so it won't be corrupted by a possible concurrent thread after napi_complete_done().

Also, add a flag bit to advertise to the NIC firmware: the NAPI work_done variable race is fixed, so the driver is able to reliably support features like busy_poll.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e1b5683ff62e7b328317aec08869495992053e9d
Fixed
fe50a9bbeb1f042e756c5cfa7708112c944368de
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e1b5683ff62e7b328317aec08869495992053e9d
Fixed
6740d8572ccd1bca50d8a1ca2bedc333f50ed5f3
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e1b5683ff62e7b328317aec08869495992053e9d
Fixed
18010ff776fa42340efc428b3ea6d19b3e7c7b21

Affected versions

v5.*

v5.14
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.64
v5.15.65
v5.15.66
v5.15.67
v5.15.68
v5.15.69
v5.15.7
v5.15.70
v5.15.71
v5.15.72
v5.15.73
v5.15.74
v5.15.75
v5.15.76
v5.15.77
v5.15.78
v5.15.79
v5.15.8
v5.15.80
v5.15.81
v5.15.82
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.0.1
v6.0.10
v6.0.11
v6.0.12
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7

Database specific


Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
5.15.83
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.0.13