PT-2024-10531 · Linux+3 · Linux Kernel+3

Published

2022-01-24

Updated

2025-01-20

CVE-2022-48823

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.18.0-305.el8.x86 64

Description The vulnerability is related to a ref count issue in the scsi: qedf component of the Linux kernel. When a LOGO request is received during TMF, it can cause one of the I/Os to hang with the driver. This issue can lead to a denial of service. The vulnerability is identified by a hung task call trace seen during LOGO processing.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the ref count issue, such as version 4.18.0-305.el8.x86 64 or later. If updating is not possible, consider temporarily disabling the qedf component or restricting its use to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-682

Related Identifiers

BDU:2025-01082

CVE-2022-48823

OPENSUSE-SU-2024_2947-1

OPENSUSE-SU-2024_3249-1

SUSE-SU-2024:2892-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2901-1

SUSE-SU-2024:2902-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2940-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:3225-1

SUSE-SU-2024:3249-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2024-10531 · Linux+3 · Linux Kernel+3

CVE-2022-48823

Weakness Enumeration

Related Identifiers

Affected Products

References · 1435