PT-2022-7673 · Linux+3 · Linux Kernel+3

Published 2022-09-08 · Updated 2024-10-31 · CVE-2022-48653

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.17.1

Description

The vulnerability is related to a "scheduling while atomic" bug in the Linux kernel, specifically in the ice driver. This bug occurs when the function to unplug aux devices is called twice, once in the IDC callback and again in the ice prepare for reset function. The double call causes a scheduling conflict, leading to a BUG message. The issue is triggered when the aux drivers request a reset, and the function to unplug the aux devices is called. This can result in a denial-of-service condition.

Recommendations

To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, update to a version later than 5.17.1. If updating is not possible, consider disabling the ice driver or restricting its use to minimize the risk of exploitation. As a temporary workaround, consider disabling the ice unplug aux dev function until a patch is available.

Exploit

Fix

Improper Locking

Weakness Enumeration

Related Identifiers

BDU:2024-09375
CVE-2022-48653
OPENSUSE-SU-2024_1641-1
OPENSUSE-SU-2024_1644-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
SUSE-SU-2024:1641-1
SUSE-SU-2024:1644-1
SUSE-SU-2024:1647-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1

Affected Products

Astra Linux
Linux Kernel
RED OS
SUSE