CVE-2022-48758

2024-06-2012:15:13

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

vulnerability

cve-2022-48758

scsi

bnx2fc

destroy_work queue

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()

The bnx2fc_destroy() functions are removing the interface before calling
destroy_work. This results multiple WARNings from sysfs_remove_group() as
the controller rport device attributes are removed too early.

Replace the fcoe_port’s destroy_work queue. It’s not needed.

The problem is easily reproducible with the following steps.

Example:

$ dmesg -w &
$ systemctl enable --now fcoe
$ fipvlan -s -c ens2f1
$ fcoeadm -d ens2f1.802
[ 583.464488] host2: libfc: Link down on port (7500a1)
[ 583.472651] bnx2fc: 7500a1 - rport not created Yet!!
[ 583.490468] ------------[ cut here ]------------
[ 583.538725] sysfs group ‘power’ not found for kobject ‘rport-2:0-0’
[ 583.568814] WARNING: CPU: 3 PID: 192 at fs/sysfs/group.c:279 sysfs_remove_group+0x6f/0x80
[ 583.607130] Modules linked in: dm_service_time 8021q garp mrp stp llc bnx2fc cnic uio rpcsec_gss_krb5 auth_rpcgss nfsv4 …
[ 583.942994] CPU: 3 PID: 192 Comm: kworker/3:2 Kdump: loaded Not tainted 5.14.0-39.el9.x86_64 #1
[ 583.984105] Hardware name: HP ProLiant DL120 G7, BIOS J01 07/01/2013
[ 584.016535] Workqueue: fc_wq_2 fc_rport_final_delete [scsi_transport_fc]
[ 584.050691] RIP: 0010:sysfs_remove_group+0x6f/0x80
[ 584.074725] Code: ff 5b 48 89 ef 5d 41 5c e9 ee c0 ff ff 48 89 ef e8 f6 b8 ff ff eb d1 49 8b 14 24 48 8b 33 48 c7 c7 …
[ 584.162586] RSP: 0018:ffffb567c15afdc0 EFLAGS: 00010282
[ 584.188225] RAX: 0000000000000000 RBX: ffffffff8eec4220 RCX: 0000000000000000
[ 584.221053] RDX: ffff8c1586ce84c0 RSI: ffff8c1586cd7cc0 RDI: ffff8c1586cd7cc0
[ 584.255089] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb567c15afc00
[ 584.287954] R10: ffffb567c15afbf8 R11: ffffffff8fbe7f28 R12: ffff8c1486326400
[ 584.322356] R13: ffff8c1486326480 R14: ffff8c1483a4a000 R15: 0000000000000004
[ 584.355379] FS: 0000000000000000(0000) GS:ffff8c1586cc0000(0000) knlGS:0000000000000000
[ 584.394419] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 584.421123] CR2: 00007fe95a6f7840 CR3: 0000000107674002 CR4: 00000000000606e0
[ 584.454888] Call Trace:
[ 584.466108] device_del+0xb2/0x3e0
[ 584.481701] device_unregister+0x13/0x60
[ 584.501306] bsg_unregister_queue+0x5b/0x80
[ 584.522029] bsg_remove_queue+0x1c/0x40
[ 584.541884] fc_rport_final_delete+0xf3/0x1d0 [scsi_transport_fc]
[ 584.573823] process_one_work+0x1e3/0x3b0
[ 584.592396] worker_thread+0x50/0x3b0
[ 584.609256] ? rescuer_thread+0x370/0x370
[ 584.628877] kthread+0x149/0x170
[ 584.643673] ? set_kthread_struct+0x40/0x40
[ 584.662909] ret_from_fork+0x22/0x30
[ 584.680002] —[ end trace 53575ecefa942ece ]—

Affected configurations

Vulners

Node

linuxlinux_kernelRange3.2–4.4.302

linuxlinux_kernelRange4.5.0–4.9.300

linuxlinux_kernelRange4.10.0–4.14.265

linuxlinux_kernelRange4.15.0–4.19.228

linuxlinux_kernelRange4.20.0–5.4.176

linuxlinux_kernelRange5.5.0–5.10.96

linuxlinux_kernelRange5.11.0–5.15.19

linuxlinux_kernelRange5.16.0–5.16.5

linuxlinux_kernelRange5.17.0≥

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/scsi/bnx2fc/bnx2fc_fcoe.c"
    ],
    "versions": [
      {
        "version": "0cbf32e1681d",
        "lessThan": "2a12fe8248a3",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0cbf32e1681d",
        "lessThan": "262550f29c75",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0cbf32e1681d",
        "lessThan": "c93a290c862c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0cbf32e1681d",
        "lessThan": "de6336b17a13",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0cbf32e1681d",
        "lessThan": "bf2bd892a0cb",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0cbf32e1681d",
        "lessThan": "00849de10f79",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0cbf32e1681d",
        "lessThan": "b11e34f7bab2",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0cbf32e1681d",
        "lessThan": "ace7b6ef4125",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "0cbf32e1681d",
        "lessThan": "847f9ea4c518",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/scsi/bnx2fc/bnx2fc_fcoe.c"
    ],
    "versions": [
      {
        "version": "3.2",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "3.2",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.4.302",
        "lessThanOrEqual": "4.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.9.300",
        "lessThanOrEqual": "4.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.14.265",
        "lessThanOrEqual": "4.14.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.228",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.176",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.96",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.19",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16.5",
        "lessThanOrEqual": "5.16.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.17",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]