CVE-2022-48715
scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
Running tests with a debug kernel shows that bnx2fc_recv_frame() is
modifying the per_cpu lport stats counters in a non-mpsafe way. Just boot
a debug kernel and run the bnx2fc driver with the hardware enabled.
[ 1391.699147] BUG: using smp_processor_id() in preemptible [00000000] code: bnx2fc_
[ 1391.699160] caller is bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc]
[ 1391.699174] CPU: 2 PID: 4355 Comm: bnx2fc_l2_threa Kdump: loaded Tainted: G B
[ 1391.699180] Hardware name: HP ProLiant DL120 G7, BIOS J01 07/01/2013
[ 1391.699183] Call Trace:
[ 1391.699188] dump_stack_lvl+0x57/0x7d
[ 1391.699198] check_preemption_disabled+0xc8/0xd0
[ 1391.699205] bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc]
[ 1391.699215] ? do_raw_spin_trylock+0xb5/0x180
[ 1391.699221] ? bnx2fc_npiv_create_vports.isra.0+0x4e0/0x4e0 [bnx2fc]
[ 1391.699229] ? bnx2fc_l2_rcv_thread+0xb7/0x3a0 [bnx2fc]
[ 1391.699240] bnx2fc_l2_rcv_thread+0x1af/0x3a0 [bnx2fc]
[ 1391.699250] ? bnx2fc_ulp_init+0xc0/0xc0 [bnx2fc]
[ 1391.699258] kthread+0x364/0x420
[ 1391.699263] ? _raw_spin_unlock_irq+0x24/0x50
[ 1391.699268] ? set_kthread_struct+0x100/0x100
[ 1391.699273] ret_from_fork+0x22/0x30
Restore the old get_cpu/put_cpu code with some modifications to reduce the
size of the critical section.
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: bnx2fc: Hacer que bnx2fc_recv_frame() mp sea seguro La ejecución de pruebas con un kernel de depuración muestra que bnx2fc_recv_frame() está modificando los contadores de estadísticas de puerto por CPU de una manera no segura para mp. Simplemente inicie un kernel de depuración y ejecute el controlador bnx2fc con el hardware habilitado. [1391.699147] ERROR: uso de smp_processor_id() en código interrumpible [00000000]: bnx2fc_ [1391.699160] la persona que llama es bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc] [1391.699174] CPU: 2 PID: 4355 Comm: bnx2fc_l2_threa Kdump: cargado Contaminado: GB [ 1391.699180 ] Nombre del hardware: HP ProLiant DL120 G7, BIOS J01 01/07/2013 [ 1391.699183] Seguimiento de llamadas: [ 1391.699188] dump_stack_lvl+0x57/0x7d [ 1391.699198] check_preemption_disabled+0xc8/0xd0 [ 1391.69 9205] bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc] [ 1391.699215] ? do_raw_spin_trylock+0xb5/0x180 [1391.699221]? bnx2fc_npiv_create_vports.isra.0+0x4e0/0x4e0 [bnx2fc] [1391.699229]? bnx2fc_l2_rcv_thread+0xb7/0x3a0 [bnx2fc] [ 1391.699240] bnx2fc_l2_rcv_thread+0x1af/0x3a0 [bnx2fc] [ 1391.699250] ? bnx2fc_ulp_init+0xc0/0xc0 [bnx2fc] [ 1391.699258] kthread+0x364/0x420 [ 1391.699263] ? _raw_spin_unlock_irq+0x24/0x50 [1391.699268]? set_kthread_struct+0x100/0x100 [ 1391.699273] ret_from_fork+0x22/0x30 Restaura el antiguo código get_cpu/put_cpu con algunas modificaciones para reducir el tamaño de la sección crítica.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-06-20 CVE Reserved
- 2024-06-20 CVE Published
- 2024-06-21 EPSS Updated
- 2024-09-11 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/d576a5e80cd07ea7049f8fd7b303c14df7b5d7d2 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.16 < 4.9.300 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 4.9.300" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.16 < 4.14.265 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 4.14.265" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.16 < 4.19.228 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 4.19.228" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.16 < 5.4.178 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 5.4.178" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.16 < 5.10.99 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 5.10.99" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.16 < 5.15.22 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 5.15.22" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.16 < 5.16.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 5.16.8" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.16 < 5.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 5.17" | en |
Affected
| ||||||