CVE-2022-48825

Name of the Vulnerable Software and Affected Versions Linux kernel version 4.18.0-348.el8.x86 64

Description The vulnerability is related to the scsi: qedf component in the Linux kernel. It is caused by the failure to initialize the stag work for vport, resulting in a call trace when creating NPIV ports. Only 32 out of 64 ports show online. The issue can be resolved by initializing the stag work for all vports.

Recommendations For Linux kernel version 4.18.0-348.el8.x86 64, initialize the stag work for all vports to resolve the issue. As a temporary workaround, consider disabling the qedf elsct send function until a patch is available. Restrict access to the vulnerable fc lport timeout module to minimize the risk of exploitation. Avoid using the queue delayed work on function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.