CVE-2022-49063

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17.0-rc8 nextqueue-devqueue-02643-g23f3121aca93

Description A use-after-free issue has been identified in the Linux kernel. The problem arises when the free irq cpu rmap function is called after devm free irq, causing it to operate on already freed IRQ descriptors. This issue is triggered during device reset when the driver frees the rmap before allocating a new one. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited.

Recommendations To resolve this issue, modify the rmap creation and freeing functions to be symmetrical with {request,free} irq calls, performing these operations on ifup/ifdown instead of device probe/remove/resume. Additionally, ensure that ice vsi free irq clears IRQ affinity notifiers only when aRFS is disabled. As a temporary workaround, consider disabling the free irq cpu rmap function until a patch is available. Restrict access to the vulnerable ice module to minimize the risk of exploitation. Avoid using the rmap parameter in the affected API endpoints until the issue is resolved.