{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-49193","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T01:49:39.287Z","datePublished":"2025-02-26T01:55:39.088Z","dateUpdated":"2025-05-04T08:32:05.116Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:32:05.116Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix 'scheduling while atomic' on aux critical err interrupt\n\nThere's a kernel BUG splat on processing aux critical error\ninterrupts in ice_misc_intr():\n\n[ 2100.917085] BUG: scheduling while atomic: swapper/15/0/0x00010000\n...\n[ 2101.060770] Call Trace:\n[ 2101.063229]  <IRQ>\n[ 2101.065252]  dump_stack+0x41/0x60\n[ 2101.068587]  __schedule_bug.cold.100+0x4c/0x58\n[ 2101.073060]  __schedule+0x6a4/0x830\n[ 2101.076570]  schedule+0x35/0xa0\n[ 2101.079727]  schedule_preempt_disabled+0xa/0x10\n[ 2101.084284]  __mutex_lock.isra.7+0x310/0x420\n[ 2101.088580]  ? ice_misc_intr+0x201/0x2e0 [ice]\n[ 2101.093078]  ice_send_event_to_aux+0x25/0x70 [ice]\n[ 2101.097921]  ice_misc_intr+0x220/0x2e0 [ice]\n[ 2101.102232]  __handle_irq_event_percpu+0x40/0x180\n[ 2101.106965]  handle_irq_event_percpu+0x30/0x80\n[ 2101.111434]  handle_irq_event+0x36/0x53\n[ 2101.115292]  handle_edge_irq+0x82/0x190\n[ 2101.119148]  handle_irq+0x1c/0x30\n[ 2101.122480]  do_IRQ+0x49/0xd0\n[ 2101.125465]  common_interrupt+0xf/0xf\n[ 2101.129146]  </IRQ>\n...\n\nAs Andrew correctly mentioned previously[0], the following call\nladder happens:\n\nice_misc_intr() <- hardirq\n  ice_send_event_to_aux()\n    device_lock()\n      mutex_lock()\n        might_sleep()\n          might_resched() <- oops\n\nAdd a new PF state bit which indicates that an aux critical error\noccurred and serve it in ice_service_task() in process context.\nThe new ice_pf::oicr_err_reg is read-write in both hardirq and\nprocess contexts, but only 3 bits of non-critical data probably\naren't worth explicit synchronizing (and they're even in the same\nbyte [31:24]).\n\n[0] https://lore.kernel.org/all/YeSRUVmrdmlUXHDn@lunn.ch"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/intel/ice/ice.h","drivers/net/ethernet/intel/ice/ice_main.c"],"versions":[{"version":"348048e724a0e8f08b63948d728d27596f6d3769","lessThan":"9b77c8cf69a41d1e3851370aeaa04a9ea83b865c","status":"affected","versionType":"git"},{"version":"348048e724a0e8f08b63948d728d27596f6d3769","lessThan":"24d7ac8426306ae7ccea7f7dd612a7368fe7201d","status":"affected","versionType":"git"},{"version":"348048e724a0e8f08b63948d728d27596f6d3769","lessThan":"59e88a50afad7469c55804e46bf2924b9130281f","status":"affected","versionType":"git"},{"version":"348048e724a0e8f08b63948d728d27596f6d3769","lessThan":"32d53c0aa3a7b727243473949bad2a830b908edc","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/intel/ice/ice.h","drivers/net/ethernet/intel/ice/ice_main.c"],"versions":[{"version":"5.14","status":"affected"},{"version":"0","lessThan":"5.14","status":"unaffected","versionType":"semver"},{"version":"5.15.33","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.16.19","lessThanOrEqual":"5.16.*","status":"unaffected","versionType":"semver"},{"version":"5.17.2","lessThanOrEqual":"5.17.*","status":"unaffected","versionType":"semver"},{"version":"5.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"5.15.33"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"5.16.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"5.17.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"5.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9b77c8cf69a41d1e3851370aeaa04a9ea83b865c"},{"url":"https://git.kernel.org/stable/c/24d7ac8426306ae7ccea7f7dd612a7368fe7201d"},{"url":"https://git.kernel.org/stable/c/59e88a50afad7469c55804e46bf2924b9130281f"},{"url":"https://git.kernel.org/stable/c/32d53c0aa3a7b727243473949bad2a830b908edc"}],"title":"ice: fix 'scheduling while atomic' on aux critical err interrupt","x_generator":{"engine":"bippy-1.2.0"}}}}