CVE-2022-48985
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-48985
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48985.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-48985
- Downstream
- Related
- Published
- 2024-10-21T20:06:01Z
- Modified
- 2025-10-08T07:23:22.608331Z
- Summary
- net: mana: Fix race on per-CQ variable napi work_done
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix race on per-CQ variable napi work_done
After calling napicompletedone(), the NAPIFSTATESCHED bit may be cleared, and another CPU can start napi thread and access per-CQ variable, cq->workdone. If the other thread (for example, from busypoll) sets it to a value >= budget, this thread will continue to run when it should stop, and cause memory corruption and panic.
To fix this issue, save the per-CQ workdone variable in a local variable before napicompletedone(), so it won't be corrupted by a possible concurrent thread after napicomplete_done().
Also, add a flag bit to advertise to the NIC firmware: the NAPI workdone variable race is fixed, so the driver is able to reliably support features like busypoll.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede1b5683ff62e7b328317aec08869495992053e9dFixedfe50a9bbeb1f042e756c5cfa7708112c944368de
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede1b5683ff62e7b328317aec08869495992053e9dFixed6740d8572ccd1bca50d8a1ca2bedc333f50ed5f3
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede1b5683ff62e7b328317aec08869495992053e9dFixed18010ff776fa42340efc428b3ea6d19b3e7c7b21
Affected versions
v5.*
v5.14
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.64
v5.15.65
v5.15.66
v5.15.67
v5.15.68
v5.15.69
v5.15.7
v5.15.70
v5.15.71
v5.15.72
v5.15.73
v5.15.74
v5.15.75
v5.15.76
v5.15.77
v5.15.78
v5.15.79
v5.15.8
v5.15.80
v5.15.81
v5.15.82
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.0.1
v6.0.10
v6.0.11
v6.0.12
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
Database specific
{
"vanir_signatures": [
{
"target": {
"file": "drivers/net/ethernet/microsoft/mana/mana_en.c",
"function": "mana_cq_handler"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@18010ff776fa42340efc428b3ea6d19b3e7c7b21",
"digest": {
"length": 372.0,
"function_hash": "136899098724424899791876312506383476798"
},
"id": "CVE-2022-48985-04c78f50",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1"
},
{
"target": {
"file": "drivers/net/ethernet/microsoft/mana/gdma.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fe50a9bbeb1f042e756c5cfa7708112c944368de",
"digest": {
"threshold": 0.9,
"line_hashes": [
"124420761190884600221452322083471636550",
"82381981142575725796948707249915266262",
"219992438502361075870767325207218146161"
]
},
"id": "CVE-2022-48985-3149adfa",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1"
},
{
"target": {
"file": "drivers/net/ethernet/microsoft/mana/gdma.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6740d8572ccd1bca50d8a1ca2bedc333f50ed5f3",
"digest": {
"threshold": 0.9,
"line_hashes": [
"124420761190884600221452322083471636550",
"82381981142575725796948707249915266262",
"219992438502361075870767325207218146161"
]
},
"id": "CVE-2022-48985-4b62651b",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1"
},
{
"target": {
"file": "drivers/net/ethernet/microsoft/mana/mana_en.c",
"function": "mana_cq_handler"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fe50a9bbeb1f042e756c5cfa7708112c944368de",
"digest": {
"length": 372.0,
"function_hash": "136899098724424899791876312506383476798"
},
"id": "CVE-2022-48985-51a90325",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1"
},
{
"target": {
"file": "drivers/net/ethernet/microsoft/mana/mana_en.c",
"function": "mana_poll"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6740d8572ccd1bca50d8a1ca2bedc333f50ed5f3",
"digest": {
"length": 253.0,
"function_hash": "174613920569153053522416134424954405412"
},
"id": "CVE-2022-48985-89d3a942",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1"
},
{
"target": {
"file": "drivers/net/ethernet/microsoft/mana/mana_en.c",
"function": "mana_poll"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fe50a9bbeb1f042e756c5cfa7708112c944368de",
"digest": {
"length": 253.0,
"function_hash": "174613920569153053522416134424954405412"
},
"id": "CVE-2022-48985-8c22894b",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1"
},
{
"target": {
"file": "drivers/net/ethernet/microsoft/mana/mana_en.c",
"function": "mana_poll"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@18010ff776fa42340efc428b3ea6d19b3e7c7b21",
"digest": {
"length": 253.0,
"function_hash": "174613920569153053522416134424954405412"
},
"id": "CVE-2022-48985-9a0891cb",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1"
},
{
"target": {
"file": "drivers/net/ethernet/microsoft/mana/mana_en.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fe50a9bbeb1f042e756c5cfa7708112c944368de",
"digest": {
"threshold": 0.9,
"line_hashes": [
"302197118965572758998371619708237854810",
"143788815029746524922967410159937413014",
"11932897504822139803897584937990648316",
"269956548214852970978281631019054206229",
"166806351250547370367423812050151395987",
"181127370610406213742438160516182256398",
"274624853884447751099226608805012238640",
"8979084535539287512205912150916922737",
"52148230577977308988728677131054772624",
"186960268767012163247985591360843494049",
"224262899362873016132318389461370325036",
"234241843292356992212369564470478478618",
"61553916027862915117757402002941533138",
"94301086314478762984688685651928300488",
"319894775135807039030338458730234915168",
"46307534120957835813916558321524069106",
"215200352054815277519895508826171972469",
"172750543769587168485022384187066590134",
"295331183400153199809114208664457529442",
"310916613612723337435363800530218579771",
"27307284632261815325672868128651376900",
"297977159262310314529617362501636728298",
"813448013172333191198769318805161095",
"198169229742296309407502530851364735819",
"81447268702092960511160345344484386420"
]
},
"id": "CVE-2022-48985-aebe66e2",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1"
},
{
"target": {
"file": "drivers/net/ethernet/microsoft/mana/mana_en.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6740d8572ccd1bca50d8a1ca2bedc333f50ed5f3",
"digest": {
"threshold": 0.9,
"line_hashes": [
"110090612918123703587007931222860302279",
"24070589520872397749469025705916603412",
"11932897504822139803897584937990648316",
"269956548214852970978281631019054206229",
"166806351250547370367423812050151395987",
"181127370610406213742438160516182256398",
"274624853884447751099226608805012238640",
"8979084535539287512205912150916922737",
"52148230577977308988728677131054772624",
"186960268767012163247985591360843494049",
"224262899362873016132318389461370325036",
"234241843292356992212369564470478478618",
"61553916027862915117757402002941533138",
"94301086314478762984688685651928300488",
"319894775135807039030338458730234915168",
"46307534120957835813916558321524069106",
"215200352054815277519895508826171972469",
"172750543769587168485022384187066590134",
"295331183400153199809114208664457529442",
"310916613612723337435363800530218579771",
"27307284632261815325672868128651376900",
"297977159262310314529617362501636728298",
"813448013172333191198769318805161095",
"198169229742296309407502530851364735819",
"81447268702092960511160345344484386420"
]
},
"id": "CVE-2022-48985-d8a453e3",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1"
},
{
"target": {
"file": "drivers/net/ethernet/microsoft/mana/gdma.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@18010ff776fa42340efc428b3ea6d19b3e7c7b21",
"digest": {
"threshold": 0.9,
"line_hashes": [
"124420761190884600221452322083471636550",
"82381981142575725796948707249915266262",
"219992438502361075870767325207218146161"
]
},
"id": "CVE-2022-48985-e2788492",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1"
},
{
"target": {
"file": "drivers/net/ethernet/microsoft/mana/mana_en.c",
"function": "mana_cq_handler"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6740d8572ccd1bca50d8a1ca2bedc333f50ed5f3",
"digest": {
"length": 372.0,
"function_hash": "136899098724424899791876312506383476798"
},
"id": "CVE-2022-48985-e93c9fdf",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1"
},
{
"target": {
"file": "drivers/net/ethernet/microsoft/mana/mana_en.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@18010ff776fa42340efc428b3ea6d19b3e7c7b21",
"digest": {
"threshold": 0.9,
"line_hashes": [
"110090612918123703587007931222860302279",
"24070589520872397749469025705916603412",
"11932897504822139803897584937990648316",
"269956548214852970978281631019054206229",
"166806351250547370367423812050151395987",
"181127370610406213742438160516182256398",
"274624853884447751099226608805012238640",
"8979084535539287512205912150916922737",
"52148230577977308988728677131054772624",
"186960268767012163247985591360843494049",
"224262899362873016132318389461370325036",
"234241843292356992212369564470478478618",
"61553916027862915117757402002941533138",
"94301086314478762984688685651928300488",
"319894775135807039030338458730234915168",
"46307534120957835813916558321524069106",
"215200352054815277519895508826171972469",
"172750543769587168485022384187066590134",
"295331183400153199809114208664457529442",
"310916613612723337435363800530218579771",
"27307284632261815325672868128651376900",
"297977159262310314529617362501636728298",
"813448013172333191198769318805161095",
"198169229742296309407502530851364735819",
"81447268702092960511160345344484386420"
]
},
"id": "CVE-2022-48985-f8178bb6",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1"
}
]
}