CVE-2022-48715 in Linuxinfo

Summary

by MITRE • 06/20/2024

In the Linux kernel, the following vulnerability has been resolved:

scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe

Running tests with a debug kernel shows that bnx2fc_recv_frame() is modifying the per_cpu lport stats counters in a non-mpsafe way. Just boot a debug kernel and run the bnx2fc driver with the hardware enabled.

[ 1391.699147] BUG: using smp_processor_id() in preemptible [00000000] code: bnx2fc_
[ 1391.699160] caller is bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc]
[ 1391.699174] CPU: 2 PID: 4355 Comm: bnx2fc_l2_threa Kdump: loaded Tainted: G B
[ 1391.699180] Hardware name: HP ProLiant DL120 G7, BIOS J01 07/01/2013
[ 1391.699183] Call Trace:
[ 1391.699188] dump_stack_lvl+0x57/0x7d
[ 1391.699198] check_preemption_disabled+0xc8/0xd0
[ 1391.699205] bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc]
[ 1391.699215] ? do_raw_spin_trylock+0xb5/0x180
[ 1391.699221] ? bnx2fc_npiv_create_vports.isra.0+0x4e0/0x4e0 [bnx2fc]
[ 1391.699229] ? bnx2fc_l2_rcv_thread+0xb7/0x3a0 [bnx2fc]
[ 1391.699240] bnx2fc_l2_rcv_thread+0x1af/0x3a0 [bnx2fc]
[ 1391.699250] ? bnx2fc_ulp_init+0xc0/0xc0 [bnx2fc]
[ 1391.699258] kthread+0x364/0x420
[ 1391.699263] ? _raw_spin_unlock_irq+0x24/0x50
[ 1391.699268] ? set_kthread_struct+0x100/0x100
[ 1391.699273] ret_from_fork+0x22/0x30

Restore the old get_cpu/put_cpu code with some modifications to reduce the size of the critical section.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 10/01/2025

The vulnerability identified as CVE-2022-48715 affects the Linux kernel's SCSI subsystem, specifically within the bnx2fc driver responsible for Fibre Channel over Ethernet connectivity. This issue represents a critical multi-processing safety problem that can lead to system instability and potential denial of service conditions. The flaw manifests when the bnx2fc_recv_frame() function attempts to modify per-CPU statistics counters in a manner that violates kernel preemption safety requirements, creating a scenario where concurrent execution contexts can corrupt shared data structures.

The technical root cause stems from improper use of smp_processor_id() within a preemptible code context, specifically within the bnx2fc_recv_frame() function that processes incoming Fibre Channel frames. According to the kernel's locking and concurrency model, functions executing in preemptible contexts cannot safely use smp_processor_id() because it assumes a non-preemptible environment where the current CPU can be safely determined without risking race conditions or data corruption. The kernel's debug output clearly demonstrates this violation when the function attempts to access per-CPU statistics from a thread context that may be preempted, leading to the BUG message and system instability.

This vulnerability operates at the intersection of several critical security and stability domains within the Linux kernel architecture. The bnx2fc driver manages Fibre Channel over Ethernet connections for HP ProLiant servers, making this issue particularly concerning for enterprise storage environments where high availability and data integrity are paramount. The flaw can be triggered through normal operation when the driver processes incoming frames, potentially causing system crashes or hangs that would require manual intervention to recover from. The impact extends beyond simple service disruption to potentially compromise data access in storage networks where these drivers are deployed.

The operational consequences of this vulnerability are severe for systems utilizing the affected hardware and driver configurations. Organizations running HP ProLiant DL120 G7 servers with bnx2fc-enabled storage connectivity face potential system crashes when processing Fibre Channel traffic, leading to unplanned downtime and service disruption. The vulnerability's exploitation requires only normal driver operation, making it particularly dangerous as it can be triggered by routine network activity without any malicious intent. Security practitioners must consider this vulnerability in the context of supply chain attacks where adversaries might target storage infrastructure components to gain persistent access or cause service degradation.

Mitigation strategies should prioritize immediate patch application from the Linux kernel maintainers, as the fix involves restoring proper CPU affinity handling through get_cpu/put_cpu code patterns that reduce critical section size while maintaining thread safety. System administrators should also implement monitoring for kernel BUG messages related to smp_processor_id() usage and preemptible context violations. The fix addresses the underlying architectural issue by ensuring proper synchronization mechanisms are used when accessing per-CPU data structures, aligning with best practices for kernel development and concurrency control. Organizations should validate their storage network configurations and ensure all systems running affected bnx2fc drivers receive updates promptly to prevent potential exploitation scenarios.

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!