Executive Summary

Information
Name: CVE-2022-49536
First vendor Publication: 2025-02-26
Vendor: Cve
Last vendor Modification: 2025-03-10

Security-Database Scoring CVSS v3

Cvss vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score: 5.5
Base Score: 5.5
Environmental Score: 5.5
Impact SubScore: 3.6
Temporal Score: 5.5
Exploitability Sub Score: 1.8

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Security-Database Scoring CVSS v2

Cvss vector: N/A
Cvss Base Score: N/A
Attack Range: N/A
Cvss Impact Score: N/A
Attack Complexity: N/A
Cvss Exploit Score: N/A
Authentication: N/A

Detail

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock

During stress I/O tests with 500+ vports, hard LOCKUP call traces are observed.

CPU A:
native_queued_spin_lock_slowpath+0x192
_raw_spin_lock_irqsave+0x32
lpfc_handle_fcp_err+0x4c6
lpfc_fcp_io_cmd_wqe_cmpl+0x964
lpfc_sli4_fp_handle_cqe+0x266
__lpfc_sli4_process_cq+0x105
__lpfc_sli4_hba_process_cq+0x3c
lpfc_cq_poll_hdler+0x16
irq_poll_softirq+0x76
__softirqentry_text_start+0xe4
irq_exit+0xf7
do_IRQ+0x7f

CPU B:
native_queued_spin_lock_slowpath+0x5b
_raw_spin_lock+0x1c
lpfc_abort_handler+0x13e
scmd_eh_abort_handler+0x85
process_one_work+0x1a7
worker_thread+0x30
kthread+0x112
ret_from_fork+0x1f

Diagram of lockup:

CPUA                            CPUB
----                            ----
lpfc_cmd->buf_lock
                                phba->hbalock
                                lpfc_cmd->buf_lock
phba->hbalock

Fix by reordering the taking of the lpfc_cmd->buf_lock and phba->hbalock in lpfc_abort_handler routine so that it tries to take the lpfc_cmd->buf_lock first before phba->hbalock.
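
The lock-order inversion described above can be checked mechanically by recording which lock each path takes while holding another and looking for a cycle, which is how the kernel's lockdep validator reasons about acquisition order. The following is an added example, not code from the lpfc driver or the kernel patch; the lock_graph model and the function names are hypothetical, and the completion path's order (buf_lock, then hbalock) is taken from the lockup diagram.

```c
#include <stdio.h>

/* Constructed model: the two locks named in the advisory text. */
enum { BUF_LOCK, HBALOCK, NLOCKS };

/* edge[a][b] is set when some path takes lock b while holding lock a. */
struct lock_graph { int edge[NLOCKS][NLOCKS]; };

/* Record one code path's acquisition order (locks listed as taken). */
static void record_path(struct lock_graph *g, const int *order, int n)
{
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++)
            g->edge[order[i]][order[j]] = 1;
}

/* Depth-first search: can lock `to` be reached from lock `from`? */
static int reaches(const struct lock_graph *g, int from, int to, int *seen)
{
    if (g->edge[from][to]) return 1;
    seen[from] = 1;
    for (int k = 0; k < NLOCKS; k++)
        if (g->edge[from][k] && !seen[k] && reaches(g, k, to, seen))
            return 1;
    return 0;
}

/* Returns 1 when the completion path and this abort-path order form a cycle. */
int abort_order_deadlocks(int first, int second)
{
    struct lock_graph g = {0};
    const int completion[] = { BUF_LOCK, HBALOCK }; /* CPU A: holds buf_lock, wants hbalock */
    const int abort_path[] = { first, second };     /* CPU B: lpfc_abort_handler */
    record_path(&g, completion, 2);
    record_path(&g, abort_path, 2);
    for (int l = 0; l < NLOCKS; l++) {
        int seen[NLOCKS] = {0};
        if (reaches(&g, l, l, seen))
            return 1;
    }
    return 0;
}

int main(void)
{
    printf("abort takes hbalock first:  %d\n", abort_order_deadlocks(HBALOCK, BUF_LOCK));
    printf("abort takes buf_lock first: %d\n", abort_order_deadlocks(BUF_LOCK, HBALOCK));
    return 0;
}
```

The same graph check extends to more than two locks by enlarging the enum and recording each additional path.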

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49536

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-667 Insufficient Locking

CPE : Common Platform Enumeration

Type Description Count
Application 8
Os 3538

Sources (Detail)

https://git.kernel.org/stable/c/03cbbd7c2f5ee288f648f4aeedc765a181188553
https://git.kernel.org/stable/c/0c4eed901285b9cae36a622f32bea3e92490da6c
https://git.kernel.org/stable/c/21c0d469349957b5dc811c41200a2a998996ca8d
https://git.kernel.org/stable/c/7625e81de2164a082810e1f27547d388406da610

Alert History

Date Informations
2025-06-26 02:09:54
  • Multiple Updates
2025-06-25 12:22:45
  • Multiple Updates
2025-06-24 02:14:30
  • Multiple Updates
2025-05-27 02:11:16
  • Multiple Updates
2025-03-29 03:14:48
  • Multiple Updates
2025-03-28 13:35:08
  • Multiple Updates
2025-03-28 02:57:13
  • Multiple Updates
2025-03-19 00:20:57
  • Multiple Updates
2025-03-18 00:21:00
  • Multiple Updates
2025-03-14 00:21:28
  • Multiple Updates
2025-03-13 21:21:20
  • Multiple Updates
2025-03-11 00:21:32
  • Multiple Updates
2025-02-26 17:20:30
  • First insertion