PT-2022-7611 · Linux · Linux Kernel
Greg Kroah-Hartman
Published: 2022-01-24 · Updated: 2024-12-04
CVE-2022-48758
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.14.0-39.el9.x86_64
Description
The vulnerability is related to the bnx2fc driver in the Linux kernel. The bnx2fc_destroy() function removes the interface before calling destroy_work, resulting in multiple warnings from sysfs_remove_group() as the controller rport device attributes are removed too early. This issue can be reproduced by following specific steps, including enabling fcoe and executing fipvlan and fcoeadm commands. The problem is caused by the removal of the fcoe_port's destroy_work queue, which is not needed.
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, for Linux kernel version 5.14.0-39.el9.x86_64, ensure that the bnx2fc driver is updated to flush the destroy_work queue before calling bnx2fc_interface_put(). As a temporary workaround, consider disabling the fcoe interface until a patch is available.
Exploit
Fix
Improper Resource Release
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Red Os
Suse