CVE-2022-48789

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a possible use-after-free in the transport error recovery work of the nvme-tcp module. This occurs when nvme tcp submit async event work checks the control and queue state before preparing the AER command and scheduling io work. To prevent a race where this check is not reliable, the error recovery work must flush async event work before continuing to destroy the admin queue after setting the control state to RESETTING. This ensures there is no race between submit async event and the error recovery handler itself changing the control state. The vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.