CVE-2022-49156

MEDIUM EPSS 15.8%
Published Feb 26, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 26, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix scheduling while atomic The driver makes a call into midlayer (fc_remote_port_delete) which can put the thread to sleep. The thread that originates the call is in interrupt context. The combination of the two trigger a crash. Schedule the call in non-interrupt context where it is more safe. kernel: BUG: scheduling while atomic: swapper/7/0/0x00010000 kernel: Call Trace: kernel: <IRQ> kernel: dump_stack+0x66/0x81 kernel: __schedule_bug.cold.90+0x5/0x1d kernel: __schedule+0x7af/0x960 kernel: schedule+0x28/0x80 kernel: schedule_timeout+0x26d/0x3b0 kernel: wait_for_completion+0xb4/0x140 kernel: ? wake_up_q+0x70/0x70 kernel: __wait_rcu_gp+0x12c/0x160 kernel: ? sdev_evt_alloc+0xc0/0x180 [scsi_mod] kernel: synchronize_sched+0x6c/0x80 kernel: ? call_rcu_bh+0x20/0x20 kernel: ? __bpf_trace_rcu_invoke_callback+0x10/0x10 kernel: sdev_evt_alloc+0xfd/0x180 [scsi_mod] kernel: starget_for_each_device+0x85/0xb0 [scsi_mod] kernel: ? scsi_init_io+0x360/0x3d0 [scsi_mod] kernel: scsi_init_io+0x388/0x3d0 [scsi_mod] kernel: device_for_each_child+0x54/0x90 kernel: fc_remote_port_delete+0x70/0xe0 [scsi_transport_fc] kernel: qla2x00_schedule_rport_del+0x62/0xf0 [qla2xxx] kernel: qla2x00_mark_device_lost+0x9c/0xd0 [qla2xxx] kernel: qla24xx_handle_plogi_done_event+0x55f/0x570 [qla2xxx] kernel: qla2x00_async_login_sp_done+0xd2/0x100 [qla2xxx] kernel: qla24xx_logio_entry+0x13a/0x3c0 [qla2xxx] kernel: qla24xx_process_response_queue+0x306/0x400 [qla2xxx] kernel: qla24xx_msix_rsp_q+0x3f/0xb0 [qla2xxx] kernel: __handle_irq_event_percpu+0x40/0x180 kernel: handle_irq_event_percpu+0x30/0x80 kernel: handle_irq_event+0x36/0x60

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
15.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 4

VendorProductVersionRange
linuxlinux_kernel* <5.10.110
linuxlinux_kernel*≥5.11  –  <5.15.33
linuxlinux_kernel*≥5.16  –  <5.16.19
linuxlinux_kernel*≥5.17  –  <5.17.2

References 5

  • git.kernel.org https://git.kernel.org/stable/c/78225d6a2a4ffdb2250ce2b7691a9e68a3f86912
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/78612f2fe8e26637476d756a44f0f05cca0d97de
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7fef50214dd04427233a2e66cd624d468e67aecb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/826a9d4a00d1424afa961504aec6298ee92d5053
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/afd438ff874ca40b74321b3fa19bd61adfd7ca0c
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/78225d6a2a4ffdb2250ce2b7691a9e68a3f86912
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/78612f2fe8e26637476d756a44f0f05cca0d97de
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7fef50214dd04427233a2e66cd624d468e67aecb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/826a9d4a00d1424afa961504aec6298ee92d5053
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/afd438ff874ca40b74321b3fa19bd61adfd7ca0c
    Patch