CVE-2022-48823

EUVD-2022-53702

16.07.2024, 12:15

In the Linux kernel, the following vulnerability has been resolved:

scsi: qedf: Fix refcount issue when LOGO is received during TMF

Hung task call trace was seen during LOGO processing.

[  974.309060] [0000:00:00.0]:[qedf_eh_device_reset:868]: 1:0:2:0: LUN RESET Issued...
[  974.309065] [0000:00:00.0]:[qedf_initiate_tmf:2422]: tm_flags 0x10 sc_cmd 00000000c16b930f op = 0x2a target_id = 0x2 lun=0
[  974.309178] [0000:00:00.0]:[qedf_initiate_tmf:2431]: portid=016900 tm_flags =LUN RESET
[  974.309222] [0000:00:00.0]:[qedf_initiate_tmf:2438]: orig io_req = 00000000ec78df8f xid = 0x180 ref_cnt = 1.
[  974.309625] host1: rport 016900: Received LOGO request while in state Ready
[  974.309627] host1: rport 016900: Delete port
[  974.309642] host1: rport 016900: work event 3
[  974.309644] host1: rport 016900: lld callback ev 3
[  974.313243] [0000:61:00.2]:[qedf_execute_tmf:2383]:1: fcport is uploading, not executing flush.
[  974.313295] [0000:61:00.2]:[qedf_execute_tmf:2400]:1: task mgmt command success...
[  984.031088] INFO: task jbd2/dm-15-8:7645 blocked for more than 120 seconds.
[  984.031136]       Not tainted 4.18.0-305.el8.x86_64 #1

[  984.031166] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  984.031209] jbd2/dm-15-8    D    0  7645      2 0x80004080
[  984.031212] Call Trace:
[  984.031222]  __schedule+0x2c4/0x700
[  984.031230]  ? unfreeze_partials.isra.83+0x16e/0x1a0
[  984.031233]  ? bit_wait_timeout+0x90/0x90
[  984.031235]  schedule+0x38/0xa0
[  984.031238]  io_schedule+0x12/0x40
[  984.031240]  bit_wait_io+0xd/0x50
[  984.031243]  __wait_on_bit+0x6c/0x80
[  984.031248]  ? free_buffer_head+0x21/0x50
[  984.031251]  out_of_line_wait_on_bit+0x91/0xb0
[  984.031257]  ? init_wait_var_entry+0x50/0x50
[  984.031268]  jbd2_journal_commit_transaction+0x112e/0x19f0 [jbd2]
[  984.031280]  kjournald2+0xbd/0x270 [jbd2]
[  984.031284]  ? finish_wait+0x80/0x80
[  984.031291]  ? commit_timeout+0x10/0x10 [jbd2]
[  984.031294]  kthread+0x116/0x130
[  984.031300]  ? kthread_flush_work_fn+0x10/0x10
[  984.031305]  ret_from_fork+0x1f/0x40

There was a ref count issue when LOGO is received during TMF. This leads to
one of the I/Os hanging with the driver. Fix the ref count.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	4.11 ≤ 𝑥 < 5.4.180
linux	linux_kernel	5.5 ≤ 𝑥 < 5.10.101
linux	linux_kernel	5.11 ≤ 𝑥 < 5.15.24
linux	linux_kernel	5.16 ≤ 𝑥 < 5.16.10
linux	linux_kernel	5.17:rc1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.106-3 fixed
bookworm (security)	6.1.112-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.226-1 fixed
sid	6.11.6-1 fixed
trixie	6.11.5-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

bionic	ignored
focal	Fixed 5.4.0-110.124 released
jammy	not-affected
noble	not-affected
trusty	ignored
xenial	ignored

linux-allwinner-5.19

focal	dne
jammy	ignored
noble	dne

linux-aws

bionic	ignored
focal	Fixed 5.4.0-1073.78 released
jammy	not-affected
noble	not-affected
trusty	ignored
xenial	ignored

linux-aws-5.0

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-aws-5.11

focal	ignored
jammy	dne
noble	dne

linux-aws-5.13

focal	ignored
jammy	dne
noble	dne

linux-aws-5.15

focal	not-affected
jammy	dne
noble	dne

linux-aws-5.19

focal	dne
jammy	ignored
noble	dne

linux-aws-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-aws-5.4

bionic	pending
focal	dne
jammy	dne
noble	dne

linux-aws-5.8

focal	ignored
jammy	dne
noble	dne

linux-aws-6.2

focal	dne
jammy	ignored
noble	dne

linux-aws-6.5

focal	dne
jammy	not-affected
noble	dne

linux-aws-fips

focal	dne
jammy	dne
noble	dne

linux-aws-hwe

focal	dne
jammy	dne
noble	dne
xenial	ignored

linux-azure

bionic	ignored
focal	Fixed 5.4.0-1078.81 released
jammy	not-affected
noble	not-affected
trusty	ignored
xenial	ignored

linux-azure-4.15

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-azure-5.11

focal	ignored
jammy	dne
noble	dne

linux-azure-5.13

focal	ignored
jammy	dne
noble	dne

linux-azure-5.15

focal	not-affected
jammy	dne
noble	dne

linux-azure-5.19

focal	dne
jammy	ignored
noble	dne

linux-azure-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-azure-5.4

bionic	pending
focal	dne
jammy	dne
noble	dne

linux-azure-5.8

focal	ignored
jammy	dne
noble	dne

linux-azure-6.2

focal	dne
jammy	ignored
noble	dne

linux-azure-6.5

focal	dne
jammy	not-affected
noble	dne

linux-azure-edge

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-azure-fde

focal	ignored
jammy	not-affected
noble	dne

linux-azure-fde-5.15

focal	not-affected
jammy	dne
noble	dne

linux-azure-fde-5.19

focal	dne
jammy	ignored
noble	dne

linux-azure-fde-6.2

focal	dne
jammy	ignored
noble	dne

linux-azure-fips

focal	dne
jammy	dne
noble	dne

linux-bluefield

focal	Fixed 5.4.0-1040.44 released
jammy	dne
noble	dne

linux-fips

focal	dne
jammy	dne
noble	dne

linux-gcp

bionic	ignored
focal	Fixed 5.4.0-1073.78 released
jammy	not-affected
noble	not-affected
xenial	ignored

linux-gcp-4.15

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-gcp-5.11

focal	ignored
jammy	dne
noble	dne

linux-gcp-5.13

focal	ignored
jammy	dne
noble	dne

linux-gcp-5.15

focal	not-affected
jammy	dne
noble	dne

linux-gcp-5.19

focal	dne
jammy	ignored
noble	dne

linux-gcp-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-gcp-5.4

bionic	pending
focal	dne
jammy	dne
noble	dne

linux-gcp-5.8

focal	ignored
jammy	dne
noble	dne

linux-gcp-6.2

focal	dne
jammy	ignored
noble	dne

linux-gcp-6.5

focal	dne
jammy	not-affected
noble	dne

linux-gcp-fips

focal	dne
jammy	dne
noble	dne

linux-gke

focal	ignored
jammy	not-affected
noble	not-affected

linux-gke-4.15

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-gke-5.15

focal	ignored
jammy	dne
noble	dne

linux-gke-5.4

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-gkeop

focal	Fixed 5.4.0-1040.41 released
jammy	not-affected
noble	dne

linux-gkeop-5.15

focal	not-affected
jammy	dne
noble	dne

linux-gkeop-5.4

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-hwe

bionic	ignored
focal	dne
jammy	dne
noble	dne
xenial	ignored

linux-hwe-5.11

focal	ignored
jammy	dne
noble	dne

linux-hwe-5.13

focal	ignored
jammy	dne
noble	dne

linux-hwe-5.15

focal	not-affected
jammy	dne
noble	dne

linux-hwe-5.19

focal	dne
jammy	ignored
noble	dne

linux-hwe-5.4

bionic	pending
focal	dne
jammy	dne
noble	dne

linux-hwe-5.8

focal	ignored
jammy	dne
noble	dne

linux-hwe-6.2

focal	dne
jammy	ignored
noble	dne

linux-hwe-6.5

focal	dne
jammy	ignored
noble	dne

linux-hwe-6.8

bionic	dne
focal	dne
jammy	not-affected
noble	dne
trusty	dne
xenial	dne

linux-hwe-edge

bionic	ignored
focal	dne
jammy	dne
noble	dne
xenial	ignored

linux-ibm

focal	Fixed 5.4.0-1021.23 released
jammy	not-affected
noble	not-affected

linux-ibm-5.15

focal	not-affected
jammy	dne
noble	dne

linux-ibm-5.4

bionic	pending
focal	dne
jammy	dne
noble	dne

linux-intel

focal	dne
jammy	dne
noble	not-affected

linux-intel-5.13

focal	ignored
jammy	dne
noble	dne

linux-intel-iot-realtime

bionic	dne
focal	dne
jammy	dne
noble	dne
trusty	dne
xenial	dne

linux-intel-iotg

focal	dne
jammy	not-affected
noble	dne

linux-intel-iotg-5.15

focal	Fixed 5.15.0-1008.11~20.04.1 released
jammy	dne
noble	dne

linux-iot

focal	Fixed 5.4.0-1004.6 released
jammy	dne
noble	dne

linux-kvm

bionic	ignored
focal	Fixed 5.4.0-1063.66 released
jammy	not-affected
noble	dne
xenial	ignored

linux-lowlatency

focal	dne
jammy	not-affected
noble	not-affected

linux-lowlatency-hwe-5.15

focal	not-affected
jammy	dne
noble	dne

linux-lowlatency-hwe-5.19

focal	dne
jammy	ignored
noble	dne

linux-lowlatency-hwe-6.2

focal	dne
jammy	ignored
noble	dne

linux-lowlatency-hwe-6.5

focal	dne
jammy	ignored
noble	dne

linux-lowlatency-hwe-6.8

bionic	dne
focal	dne
jammy	not-affected
noble	dne
trusty	dne
xenial	dne

linux-lts-xenial

focal	dne
jammy	dne
noble	dne
trusty	ignored

linux-nvidia

focal	dne
jammy	not-affected
noble	not-affected

linux-nvidia-6.2

focal	dne
jammy	ignored
noble	dne

linux-nvidia-6.5

focal	dne
jammy	not-affected
noble	dne

linux-nvidia-6.8

bionic	dne
focal	dne
jammy	not-affected
noble	dne
trusty	dne
xenial	dne

linux-nvidia-lowlatency

bionic	dne
focal	dne
jammy	dne
noble	not-affected
trusty	dne
xenial	dne

linux-oem

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-oem-5.10

focal	ignored
jammy	dne
noble	dne

linux-oem-5.13

focal	ignored
jammy	dne
noble	dne

linux-oem-5.14

focal	ignored
jammy	dne
noble	dne

linux-oem-5.17

focal	dne
jammy	ignored
noble	dne

linux-oem-5.6

focal	ignored
jammy	dne
noble	dne

linux-oem-6.0

focal	dne
jammy	ignored
noble	dne

linux-oem-6.1

focal	dne
jammy	ignored
noble	dne

linux-oem-6.5

focal	dne
jammy	not-affected
noble	dne

linux-oem-6.8

focal	dne
jammy	dne
noble	not-affected

linux-oracle

bionic	ignored
focal	Fixed 5.4.0-1071.77 released
jammy	not-affected
noble	not-affected
xenial	ignored

linux-oracle-5.0

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-oracle-5.11

focal	ignored
jammy	dne
noble	dne

linux-oracle-5.13

focal	ignored
jammy	dne
noble	dne

linux-oracle-5.15

focal	not-affected
jammy	dne
noble	dne

linux-oracle-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-oracle-5.4

bionic	pending
focal	dne
jammy	dne
noble	dne

linux-oracle-5.8

focal	ignored
jammy	dne
noble	dne

linux-oracle-6.5

focal	dne
jammy	not-affected
noble	dne

linux-raspi

focal	Fixed 5.4.0-1060.68 released
jammy	not-affected
noble	not-affected

linux-raspi-5.4

bionic	pending
focal	dne
jammy	dne
noble	dne

linux-raspi-realtime

bionic	dne
focal	dne
jammy	dne
noble	dne
trusty	dne
xenial	dne

linux-raspi2

focal	ignored
jammy	dne
noble	dne

linux-realtime

bionic	dne
focal	dne
jammy	ignored
noble	dne
trusty	dne
xenial	dne

linux-riscv

focal	ignored
jammy	ignored
noble	not-affected

linux-riscv-5.11

focal	ignored
jammy	dne
noble	dne

linux-riscv-5.15

focal	not-affected
jammy	dne
noble	dne

linux-riscv-5.19

focal	dne
jammy	ignored
noble	dne

linux-riscv-5.8

focal	ignored
jammy	dne
noble	dne

linux-riscv-6.5

focal	dne
jammy	ignored
noble	dne

linux-riscv-6.8

bionic	dne
focal	dne
jammy	not-affected
noble	dne
trusty	dne
xenial	dne

linux-starfive-5.19

focal	dne
jammy	ignored
noble	dne

linux-starfive-6.2

focal	dne
jammy	ignored
noble	dne

linux-starfive-6.5

focal	dne
jammy	not-affected
noble	dne

linux-xilinx-zynqmp

focal	not-affected
jammy	not-affected
noble	dne

References

https://git.kernel.org/stable/c/5239ab63f17cee643bd4bf6addfedebaa7d4f41e

https://git.kernel.org/stable/c/6be8eaad75ca73131e2a697f0270dc8ee73814a8

https://git.kernel.org/stable/c/7cc32ff0cd6c44a3c26de5faecfe8b5546198fad

https://git.kernel.org/stable/c/7fcbed38503bb34c6e6538b6a9482d1c6bead1e8

https://git.kernel.org/stable/c/87f187e5265bc8e3b38faef8b9db864cdd61dde7

https://git.kernel.org/stable/c/5239ab63f17cee643bd4bf6addfedebaa7d4f41e

https://git.kernel.org/stable/c/6be8eaad75ca73131e2a697f0270dc8ee73814a8

https://git.kernel.org/stable/c/7cc32ff0cd6c44a3c26de5faecfe8b5546198fad

https://git.kernel.org/stable/c/7fcbed38503bb34c6e6538b6a9482d1c6bead1e8

https://git.kernel.org/stable/c/87f187e5265bc8e3b38faef8b9db864cdd61dde7