PT-2025-8620 · Linux+3 · Linux Kernel+3

Published 2023-11-07 · Updated 2025-04-16 · CVE-2022-49687

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A bug in the Linux kernel's virtio_net driver causes a driver bug warning when using virtio_net after a suspend/resume sequence. The issue arises because the virtnet_freeze() function frees the receive queue completely, including struct xdp_rxq_info, without calling xdp_rxq_info_unreg(). Similarly, virtnet_restore() sets up the receive queue again without calling xdp_rxq_info_reg(). This results in a warning when the network interface is brought down after resuming from suspend.

Recommendations

To resolve this issue, modify the virtnet_freeze_down() and virtnet_restore_up() functions to call virtnet_close() and virtnet_open() respectively, ensuring that xdp_rxq_info_unreg() and xdp_rxq_info_reg() are called as needed. Additionally, only cancel the refill work if netif_running(). This fix should prevent the driver bug warning and avoid similar problems in the future. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
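The register/unregister imbalance described above can be reproduced in a small user-space model. This is an added example, not kernel or driver code: every type and function name in it (model_dev, model_open, model_close, model_freeze, model_restore) is a hypothetical stand-in, and the `fixed` flag switches between the behaviour in the description and the one in the recommendation.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model only; every name here is a hypothetical stand-in. */
enum reg_state { REG_NEW = 0, REG_REGISTERED, REG_UNREGISTERED };
struct rxq_info { enum reg_state state; };
struct model_dev { struct rxq_info *rq; int running; int warnings; };

static void alloc_rq(struct model_dev *d) { d->rq = calloc(1, sizeof(*d->rq)); }
static void free_rq(struct model_dev *d)  { free(d->rq); d->rq = NULL; }

/* Stand-ins for the open/close paths that register/unregister the rxq info. */
static void model_open(struct model_dev *d) { d->rq->state = REG_REGISTERED; }
static void model_close(struct model_dev *d) {
    if (d->rq->state != REG_REGISTERED)
        d->warnings++;               /* models the driver bug warning */
    d->rq->state = REG_UNREGISTERED;
}

/* Freeze: the unfixed path frees the queue while it is still registered. */
static void model_freeze(struct model_dev *d, int fixed) {
    if (fixed && d->running)
        model_close(d);              /* fix: unregister before freeing */
    free_rq(d);
}

/* Restore: the unfixed path rebuilds the queue but never re-registers it. */
static void model_restore(struct model_dev *d, int fixed) {
    alloc_rq(d);                     /* a fresh queue starts in REG_NEW */
    if (d->rq && fixed && d->running)
        model_open(d);               /* fix: register again if interface is up */
}

/* Run (up) -> suspend -> resume -> (down) and count the warnings raised. */
int warnings_after_cycle(int fixed, int up) {
    struct model_dev d = { NULL, 0, 0 };
    alloc_rq(&d);
    if (!d.rq) return -1;
    if (up) { model_open(&d); d.running = 1; }
    model_freeze(&d, fixed);
    model_restore(&d, fixed);
    if (d.rq && up) { model_close(&d); d.running = 0; }  /* interface down */
    free_rq(&d);
    return d.warnings;
}

int main(void) {
    printf("unfixed: %d warning(s), fixed: %d\n",
           warnings_after_cycle(0, 1), warnings_after_cycle(1, 1));
    return 0;
}
```

The `up` argument shows why the recommendation guards on the running state: with the interface down across suspend, neither path calls close on a queue that was never registered.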

Related Identifiers

CVE-2022-49687
OPENSUSE-SU-2025_1263-1
RHSA-2023:6583
RHSA-2023_6583
SUSE-SU-2025:1027-1
SUSE-SU-2025:1176-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1194-1
SUSE-SU-2025:1241-1
SUSE-SU-2025:1263-1
SUSE-SU-2025:1293-1
SUSE-SU-2025_1027-1
SUSE-SU-2025_1241-1
SUSE-SU-2025_1263-1
SUSE-SU-2025_1293-1

Affected Products

Astra Linux
Linux Kernel
Red Hat
Suse