{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-48653","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-25T13:44:28.317Z","datePublished":"2024-04-28T13:00:52.055Z","dateUpdated":"2025-05-04T08:20:37.929Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:20:37.929Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don't double unplug aux on peer initiated reset\n\nIn the IDC callback that is accessed when the aux drivers request a reset,\nthe function to unplug the aux devices is called.  This function is also\ncalled in the ice_prepare_for_reset function. This double call is causing\na \"scheduling while atomic\" BUG.\n\n[  662.676430] ice 0000:4c:00.0 rocep76s0: cqp opcode = 0x1 maj_err_code = 0xffff min_err_code = 0x8003\n\n[  662.676609] ice 0000:4c:00.0 rocep76s0: [Modify QP Cmd Error][op_code=8] status=-29 waiting=1 completion_err=1 maj=0xffff min=0x8003\n\n[  662.815006] ice 0000:4c:00.0 rocep76s0: ICE OICR event notification: oicr = 0x10000003\n\n[  662.815014] ice 0000:4c:00.0 rocep76s0: critical PE Error, GLPE_CRITERR=0x00011424\n\n[  662.815017] ice 0000:4c:00.0 rocep76s0: Requesting a reset\n\n[  662.815475] BUG: scheduling while atomic: swapper/37/0/0x00010002\n\n[  662.815475] BUG: scheduling while atomic: swapper/37/0/0x00010002\n[  662.815477] Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs rfkill 8021q garp mrp stp llc vfat fat rpcrdma intel_rapl_msr intel_rapl_common sunrpc i10nm_edac rdma_ucm nfit ib_srpt libnvdimm ib_isert iscsi_target_mod x86_pkg_temp_thermal intel_powerclamp coretemp target_core_mod snd_hda_intel ib_iser snd_intel_dspcfg libiscsi snd_intel_sdw_acpi scsi_transport_iscsi kvm_intel iTCO_wdt rdma_cm snd_hda_codec kvm iw_cm ipmi_ssif iTCO_vendor_support snd_hda_core irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hwdep snd_seq snd_seq_device rapl snd_pcm snd_timer isst_if_mbox_pci pcspkr isst_if_mmio irdma intel_uncore idxd acpi_ipmi joydev isst_if_common snd mei_me idxd_bus ipmi_si soundcore i2c_i801 mei ipmi_devintf i2c_smbus i2c_ismt ipmi_msghandler acpi_power_meter acpi_pad rv(OE) ib_uverbs ib_cm ib_core xfs libcrc32c ast i2c_algo_bit drm_vram_helper drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm_ttm_helpe\n r ttm\n[  662.815546]  nvme nvme_core ice drm crc32c_intel i40e t10_pi wmi pinctrl_emmitsburg dm_mirror dm_region_hash dm_log dm_mod fuse\n[  662.815557] Preemption disabled at:\n[  662.815558] [<0000000000000000>] 0x0\n[  662.815563] CPU: 37 PID: 0 Comm: swapper/37 Kdump: loaded Tainted: G S         OE     5.17.1 #2\n[  662.815566] Hardware name: Intel Corporation D50DNP/D50DNP, BIOS SE5C6301.86B.6624.D18.2111021741 11/02/2021\n[  662.815568] Call Trace:\n[  662.815572]  <IRQ>\n[  662.815574]  dump_stack_lvl+0x33/0x42\n[  662.815581]  __schedule_bug.cold.147+0x7d/0x8a\n[  662.815588]  __schedule+0x798/0x990\n[  662.815595]  schedule+0x44/0xc0\n[  662.815597]  schedule_preempt_disabled+0x14/0x20\n[  662.815600]  __mutex_lock.isra.11+0x46c/0x490\n[  662.815603]  ? __ibdev_printk+0x76/0xc0 [ib_core]\n[  662.815633]  device_del+0x37/0x3d0\n[  662.815639]  ice_unplug_aux_dev+0x1a/0x40 [ice]\n[  662.815674]  ice_schedule_reset+0x3c/0xd0 [ice]\n[  662.815693]  irdma_iidc_event_handler.cold.7+0xb6/0xd3 [irdma]\n[  662.815712]  ? bitmap_find_next_zero_area_off+0x45/0xa0\n[  662.815719]  ice_send_event_to_aux+0x54/0x70 [ice]\n[  662.815741]  ice_misc_intr+0x21d/0x2d0 [ice]\n[  662.815756]  __handle_irq_event_percpu+0x4c/0x180\n[  662.815762]  handle_irq_event_percpu+0xf/0x40\n[  662.815764]  handle_irq_event+0x34/0x60\n[  662.815766]  handle_edge_irq+0x9a/0x1c0\n[  662.815770]  __common_interrupt+0x62/0x100\n[  662.815774]  common_interrupt+0xb4/0xd0\n[  662.815779]  </IRQ>\n[  662.815780]  <TASK>\n[  662.815780]  asm_common_interrupt+0x1e/0x40\n[  662.815785] RIP: 0010:cpuidle_enter_state+0xd6/0x380\n[  662.815789] Code: 49 89 c4 0f 1f 44 00 00 31 ff e8 65 d7 95 ff 45 84 ff 74 12 9c 58 f6 c4 02 0f 85 64 02 00 00 31 ff e8 ae c5 9c ff fb 45 85 f6 <0f> 88 12 01 00 00 49 63 d6 4c 2b 24 24 48 8d 04 52 48 8d 04 82 49\n[  662.815791] RSP: 0018:ff2c2c4f18edbe80 EFLAGS: 00000202\n[  662.815793] RAX: ff280805df140000 RBX: 0000000000000002 RCX: 000000000000001f\n[  662.815795] RDX: 0000009a52da2d08 R\n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/intel/ice/ice_main.c"],"versions":[{"version":"f9f5301e7e2d4fa2445aab3ec889dac6b34ea63e","lessThan":"34447d64b8d28e4d6a73d73f07c879959d68fbfe","status":"affected","versionType":"git"},{"version":"f9f5301e7e2d4fa2445aab3ec889dac6b34ea63e","lessThan":"149979e87eb7a365d3d0b259bed79d84ff585a93","status":"affected","versionType":"git"},{"version":"f9f5301e7e2d4fa2445aab3ec889dac6b34ea63e","lessThan":"23c619190318376769ad7b61504c2ea0703fb783","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/intel/ice/ice_main.c"],"versions":[{"version":"5.14","status":"affected"},{"version":"0","lessThan":"5.14","status":"unaffected","versionType":"semver"},{"version":"5.15.71","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.19.12","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"5.15.71"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"5.19.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"6.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/34447d64b8d28e4d6a73d73f07c879959d68fbfe"},{"url":"https://git.kernel.org/stable/c/149979e87eb7a365d3d0b259bed79d84ff585a93"},{"url":"https://git.kernel.org/stable/c/23c619190318376769ad7b61504c2ea0703fb783"}],"title":"ice: Don't double unplug aux on peer initiated reset","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T15:17:55.590Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/34447d64b8d28e4d6a73d73f07c879959d68fbfe","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/149979e87eb7a365d3d0b259bed79d84ff585a93","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/23c619190318376769ad7b61504c2ea0703fb783","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2022-48653","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:46:08.050254Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:09.948Z"}}]}}