{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-49584","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T02:21:30.412Z","datePublished":"2025-02-26T02:23:20.600Z","dateUpdated":"2025-05-04T08:41:10.383Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:41:10.383Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: Add locking to prevent panic when setting sriov_numvfs to zero\n\nIt is possible to disable VFs while the PF driver is processing requests\nfrom the VF driver.  This can result in a panic.\n\nBUG: unable to handle kernel paging request at 000000000000106c\nPGD 0 P4D 0\nOops: 0000 [#1] SMP NOPTI\nCPU: 8 PID: 0 Comm: swapper/8 Kdump: loaded Tainted: G I      --------- -\nHardware name: Dell Inc. PowerEdge R740/06WXJT, BIOS 2.8.2 08/27/2020\nRIP: 0010:ixgbe_msg_task+0x4c8/0x1690 [ixgbe]\nCode: 00 00 48 8d 04 40 48 c1 e0 05 89 7c 24 24 89 fd 48 89 44 24 10 83 ff\n01 0f 84 b8 04 00 00 4c 8b 64 24 10 4d 03 a5 48 22 00 00 <41> 80 7c 24 4c\n00 0f 84 8a 03 00 00 0f b7 c7 83 f8 08 0f 84 8f 0a\nRSP: 0018:ffffb337869f8df8 EFLAGS: 00010002\nRAX: 0000000000001020 RBX: 0000000000000000 RCX: 000000000000002b\nRDX: 0000000000000002 RSI: 0000000000000008 RDI: 0000000000000006\nRBP: 0000000000000006 R08: 0000000000000002 R09: 0000000000029780\nR10: 00006957d8f42832 R11: 0000000000000000 R12: 0000000000001020\nR13: ffff8a00e8978ac0 R14: 000000000000002b R15: ffff8a00e8979c80\nFS:  0000000000000000(0000) GS:ffff8a07dfd00000(0000) knlGS:00000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000000106c CR3: 0000000063e10004 CR4: 00000000007726e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <IRQ>\n ? ttwu_do_wakeup+0x19/0x140\n ? try_to_wake_up+0x1cd/0x550\n ? ixgbevf_update_xcast_mode+0x71/0xc0 [ixgbevf]\n ixgbe_msix_other+0x17e/0x310 [ixgbe]\n __handle_irq_event_percpu+0x40/0x180\n handle_irq_event_percpu+0x30/0x80\n handle_irq_event+0x36/0x53\n handle_edge_irq+0x82/0x190\n handle_irq+0x1c/0x30\n do_IRQ+0x49/0xd0\n common_interrupt+0xf/0xf\n\nThis can be eventually be reproduced with the following script:\n\nwhile :\ndo\n    echo 63 > /sys/class/net/<devname>/device/sriov_numvfs\n    sleep 1\n    echo 0 > /sys/class/net/<devname>/device/sriov_numvfs\n    sleep 1\ndone\n\nAdd lock when disabling SR-IOV to prevent process VF mailbox communication."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/intel/ixgbe/ixgbe.h","drivers/net/ethernet/intel/ixgbe/ixgbe_main.c","drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c"],"versions":[{"version":"d773d1310625be3b040b436178ad59a0af8888f1","lessThan":"031af9e617a6f51075d97e56fc9e712c7dde2508","status":"affected","versionType":"git"},{"version":"d773d1310625be3b040b436178ad59a0af8888f1","lessThan":"b82de63f8f817b5735480293dda8e92ba8170c52","status":"affected","versionType":"git"},{"version":"d773d1310625be3b040b436178ad59a0af8888f1","lessThan":"16f929a5e76fd047fd8697e1e568bdd7d771955c","status":"affected","versionType":"git"},{"version":"d773d1310625be3b040b436178ad59a0af8888f1","lessThan":"9d925d2dc82cec2bcbd8625457645d8a548ab22e","status":"affected","versionType":"git"},{"version":"d773d1310625be3b040b436178ad59a0af8888f1","lessThan":"1e53834ce541d4fe271cdcca7703e50be0a44f8a","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/intel/ixgbe/ixgbe.h","drivers/net/ethernet/intel/ixgbe/ixgbe_main.c","drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c"],"versions":[{"version":"3.6","status":"affected"},{"version":"0","lessThan":"3.6","status":"unaffected","versionType":"semver"},{"version":"5.4.208","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.134","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.58","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.18.15","lessThanOrEqual":"5.18.*","status":"unaffected","versionType":"semver"},{"version":"5.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"5.4.208"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"5.10.134"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"5.15.58"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"5.18.15"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"5.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/031af9e617a6f51075d97e56fc9e712c7dde2508"},{"url":"https://git.kernel.org/stable/c/b82de63f8f817b5735480293dda8e92ba8170c52"},{"url":"https://git.kernel.org/stable/c/16f929a5e76fd047fd8697e1e568bdd7d771955c"},{"url":"https://git.kernel.org/stable/c/9d925d2dc82cec2bcbd8625457645d8a548ab22e"},{"url":"https://git.kernel.org/stable/c/1e53834ce541d4fe271cdcca7703e50be0a44f8a"}],"title":"ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero","x_generator":{"engine":"bippy-1.2.0"}}}}