PT-2025-8084 · Linux+4 · Linux Kernel+4

Quinn Tran

Published

2022-01-24

Updated

2025-09-29

CVE-2022-49156

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved. The issue occurs in the scsi: qla2xxx driver, where a call to the midlayer function fc remote port delete can put the thread to sleep while in interrupt context, triggering a crash. The problem arises from scheduling while atomic. To address this, the call is scheduled in non-interrupt context for safety.

Recommendations As a temporary workaround, consider disabling the interrupt context for the fc remote port delete function call until a patch is available. Restrict access to the qla2xxx driver to minimize the risk of exploitation. Avoid using the qla2x00 schedule rport del function in the affected kernel until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-99

Related Identifiers

ALSA-2025_16880

BDU:2026-01544

CESA-2022_7683

CVE-2022-49156

OPENSUSE-SU-2025_1263-1

RHSA-2022:7683

RHSA-2022:8267

RHSA-2022_7683

RHSA-2022_8267

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025:1293-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

SUSE-SU-2025_1263-1

SUSE-SU-2025_1293-1

Affected Products

Astra Linux

Centos

Linux Kernel

Red Hat

Suse

PT-2025-8084 · Linux+4 · Linux Kernel+4

CVE-2022-49156

Weakness Enumeration

Related Identifiers

Affected Products

References · 1500