CVE-2022-49434

MEDIUM · CVSS 3.1: 5.5 · EPSS 10.5%
Published Feb 26, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()

The sysfs sriov_numvfs_store() path acquires the device lock before the config space access lock:

    sriov_numvfs_store
      device_lock                 # A (1) acquire device lock
      sriov_configure
        vfio_pci_sriov_configure  # (for example)
          vfio_pci_core_sriov_configure
            pci_disable_sriov
              sriov_disable
                pci_cfg_access_lock
                  pci_wait_cfg    # B (4) wait for dev->block_cfg_access == 0

Previously, pci_dev_lock() acquired the config space access lock before the device lock:

    pci_dev_lock
      pci_cfg_access_lock
        dev->block_cfg_access = 1 # B (2) set dev->block_cfg_access = 1
      device_lock                 # A (3) wait for device lock

Any path that uses pci_dev_lock(), e.g., pci_reset_function(), may deadlock with sriov_numvfs_store() if the operations occur in the sequence (1) (2) (3) (4).

Avoid the deadlock by reversing the order in pci_dev_lock() so it acquires the device lock before the config space access lock, the same as the sriov_numvfs_store() path.

[bhelgaas: combined and adapted commit log from Jay Zhou's independent subsequent posting: https://lore.kernel.org/r/20220404062539.1710-1-jianjay.zhou@huawei.com]
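The AB/BA inversion in the description, modeled as an added example (not code from the kernel or from the patch): a small lockdep-style check that builds a "held-before" graph from each path's acquisition order and reports a cycle. The names can_deadlock, old_order_deadlocks and new_order_deadlocks are hypothetical, and the config access block is treated as lock B, as the commit log labels it.

```c
#include <stdbool.h>
#include <stdio.h>

enum lock { DEVICE_LOCK /* A */, CFG_ACCESS_LOCK /* B */, NLOCKS };

/* Acquisition order of each path, taken from the description above. */
static const enum lock sriov_path[]   = { DEVICE_LOCK, CFG_ACCESS_LOCK }; /* sriov_numvfs_store() */
static const enum lock dev_lock_old[] = { CFG_ACCESS_LOCK, DEVICE_LOCK }; /* pci_dev_lock() before the fix */
static const enum lock dev_lock_new[] = { DEVICE_LOCK, CFG_ACCESS_LOCK }; /* pci_dev_lock() after the fix */

/* Add an edge x -> y for every lock x that is held while y is acquired. */
static void add_edges(bool g[NLOCKS][NLOCKS], const enum lock *p, int n) {
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++)
            g[p[i]][p[j]] = true;
}

/* Depth-first search; state 1 = on the current stack, 2 = finished. */
static bool dfs(bool g[NLOCKS][NLOCKS], int v, int *state) {
    state[v] = 1;
    for (int w = 0; w < NLOCKS; w++) {
        if (!g[v][w]) continue;
        if (state[w] == 1) return true;              /* back edge: order cycle */
        if (state[w] == 0 && dfs(g, w, state)) return true;
    }
    state[v] = 2;
    return false;
}

/* True if the two paths, run concurrently, can block on each other. */
bool can_deadlock(const enum lock *a, int na, const enum lock *b, int nb) {
    bool g[NLOCKS][NLOCKS] = {{false}};
    int state[NLOCKS] = {0};
    add_edges(g, a, na);
    add_edges(g, b, nb);
    for (int v = 0; v < NLOCKS; v++)
        if (state[v] == 0 && dfs(g, v, state)) return true;
    return false;
}

bool old_order_deadlocks(void) { return can_deadlock(sriov_path, 2, dev_lock_old, 2); }
bool new_order_deadlocks(void) { return can_deadlock(sriov_path, 2, dev_lock_new, 2); }

int main(void) {
    printf("old pci_dev_lock() order: %s\n", old_order_deadlocks() ? "cycle (AB/BA)" : "consistent");
    printf("new pci_dev_lock() order: %s\n", new_order_deadlocks() ? "cycle (AB/BA)" : "consistent");
    return 0;
}
```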

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
10.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-667

Affected Products 8

Vendor  Product       Version  Range
linux   linux_kernel  *        <4.9.318
linux   linux_kernel  *        ≥4.10 – <4.14.283
linux   linux_kernel  *        ≥4.15 – <4.19.247
linux   linux_kernel  *        ≥4.20 – <5.4.198
linux   linux_kernel  *        ≥5.5 – <5.10.121
linux   linux_kernel  *        ≥5.11 – <5.15.46
linux   linux_kernel  *        ≥5.16 – <5.17.14
linux   linux_kernel  *        ≥5.18 – <5.18.3

References 8

  • git.kernel.org https://git.kernel.org/stable/c/2cdd5284035322795b0964f899eefba254cfe483
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/59ea6b3ae51df7cd6bfd84c9c0030609b9315622
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a91ee0e9fca9d7501286cfbced9b30a33e52740a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aed6d4d519210c28817948f34c53b6e058e0456c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c3c6dc1853b8bf3c718f96fd8480a6eb09ba4831
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c9a81f9ed6ae3554621d6a50220b1bc74b67d81e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ea047f51172aa68841adef7f52d375002438b8f0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eff3587b9c01439b738298475e555c028ac9f55e
    Patch

Remediation

Apply the git.kernel.org stable patches listed under References.