PT-2022-7501 · Linux+3 · Linux Kernel+3

Published

2022-02-18

Updated

2024-09-27

CVE-2022-48941

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the ice driver in the Linux kernel, specifically with concurrent reset and removal of Virtual Functions (VFs). The problem arises when a VF is removed while it is being reset, leading to potential memory corruption and panics. The root cause of the issue is the lack of proper locking mechanisms to prevent concurrent access to critical tasks such as virtchnl messages or resets. The fix involves protecting both the reset and removal flows using the existing VF cfg lock, ensuring that the VF cannot be removed while outstanding critical tasks are occurring.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

BDU:2024-06658

CVE-2022-48941

OPENSUSE-SU-2024_3190-1

OPENSUSE-SU-2024_3209-1

OPENSUSE-SU-2024_3408-1

OPENSUSE-SU-2024_3483-1

SUSE-SU-2024:3190-1

SUSE-SU-2024:3209-1

SUSE-SU-2024:3227-1

SUSE-SU-2024:3408-1

SUSE-SU-2024:3483-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2022-7501 · Linux+3 · Linux Kernel+3

CVE-2022-48941

Weakness Enumeration

Related Identifiers

Affected Products

References · 675