vulnerability

SUSE: CVE-2022-48715: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:S/C:C/I:C/A:C)	06/20/2024	08/09/2024	02/18/2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

06/20/2024

Added

08/09/2024

Modified

02/18/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe

Running tests with a debug kernel shows that bnx2fc_recv_frame() is
modifying the per_cpu lport stats counters in a non-mpsafe way. Just boot
a debug kernel and run the bnx2fc driver with the hardware enabled.

[ 1391.699147] BUG: using smp_processor_id() in preemptible [00000000] code: bnx2fc_
[ 1391.699160] caller is bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc]
[ 1391.699174] CPU: 2 PID: 4355 Comm: bnx2fc_l2_threa Kdump: loaded Tainted: G B
[ 1391.699180] Hardware name: HP ProLiant DL120 G7, BIOS J01 07/01/2013
[ 1391.699183] Call Trace:
[ 1391.699188] dump_stack_lvl+0x57/0x7d
[ 1391.699198] check_preemption_disabled+0xc8/0xd0
[ 1391.699205] bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc]
[ 1391.699215] ? do_raw_spin_trylock+0xb5/0x180
[ 1391.699221] ? bnx2fc_npiv_create_vports.isra.0+0x4e0/0x4e0 [bnx2fc]
[ 1391.699229] ? bnx2fc_l2_rcv_thread+0xb7/0x3a0 [bnx2fc]
[ 1391.699240] bnx2fc_l2_rcv_thread+0x1af/0x3a0 [bnx2fc]
[ 1391.699250] ? bnx2fc_ulp_init+0xc0/0xc0 [bnx2fc]
[ 1391.699258] kthread+0x364/0x420
[ 1391.699263] ? _raw_spin_unlock_irq+0x24/0x50
[ 1391.699268] ? set_kthread_struct+0x100/0x100
[ 1391.699273] ret_from_fork+0x22/0x30

Restore the old get_cpu/put_cpu code with some modifications to reduce the
size of the critical section.

Solution(s)

suse-upgrade-cluster-md-kmp-azuresuse-upgrade-cluster-md-kmp-rtsuse-upgrade-dlm-kmp-azuresuse-upgrade-dlm-kmp-rtsuse-upgrade-gfs2-kmp-azuresuse-upgrade-gfs2-kmp-rtsuse-upgrade-kernel-64kbsuse-upgrade-kernel-64kb-develsuse-upgrade-kernel-azuresuse-upgrade-kernel-azure-basesuse-upgrade-kernel-azure-develsuse-upgrade-kernel-azure-extrasuse-upgrade-kernel-azure-livepatch-develsuse-upgrade-kernel-azure-optionalsuse-upgrade-kernel-azure-vdsosuse-upgrade-kernel-defaultsuse-upgrade-kernel-default-basesuse-upgrade-kernel-default-develsuse-upgrade-kernel-default-extrasuse-upgrade-kernel-default-mansuse-upgrade-kernel-develsuse-upgrade-kernel-devel-azuresuse-upgrade-kernel-devel-rtsuse-upgrade-kernel-docssuse-upgrade-kernel-macrossuse-upgrade-kernel-obs-buildsuse-upgrade-kernel-preemptsuse-upgrade-kernel-preempt-develsuse-upgrade-kernel-rtsuse-upgrade-kernel-rt-develsuse-upgrade-kernel-rt-extrasuse-upgrade-kernel-rt-livepatchsuse-upgrade-kernel-rt-livepatch-develsuse-upgrade-kernel-rt-optionalsuse-upgrade-kernel-rt-vdsosuse-upgrade-kernel-rt_debugsuse-upgrade-kernel-rt_debug-develsuse-upgrade-kernel-rt_debug-livepatch-develsuse-upgrade-kernel-rt_debug-vdsosuse-upgrade-kernel-sourcesuse-upgrade-kernel-source-azuresuse-upgrade-kernel-source-rtsuse-upgrade-kernel-symssuse-upgrade-kernel-syms-azuresuse-upgrade-kernel-syms-rtsuse-upgrade-kernel-zfcpdumpsuse-upgrade-kselftests-kmp-azuresuse-upgrade-kselftests-kmp-rtsuse-upgrade-ocfs2-kmp-azuresuse-upgrade-ocfs2-kmp-rtsuse-upgrade-reiserfs-kmp-azuresuse-upgrade-reiserfs-kmp-defaultsuse-upgrade-reiserfs-kmp-rt

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today