CVE-2022-48825 in Linux

Summary

by MITRE • 07/16/2024

In the Linux kernel, the following vulnerability has been resolved:

scsi: qedf: Add stag_work to all the vports

Call trace seen when creating NPIV ports; only 32 out of 64 show online. Stag work was not initialized for vport, hence initialize the stag work.

WARNING: CPU: 8 PID: 645 at kernel/workqueue.c:1635 __queue_delayed_work+0x68/0x80
CPU: 8 PID: 645 Comm: kworker/8:1 Kdump: loaded Tainted: G IOE --------- -- 4.18.0-348.el8.x86_64 #1
Hardware name: Dell Inc. PowerEdge MX740c/0177V9, BIOS 2.12.2 07/09/2021
Workqueue: events fc_lport_timeout [libfc]
RIP: 0010:__queue_delayed_work+0x68/0x80
Code: 89 b2 88 00 00 00 44 89 82 90 00 00 00 48 01 c8 48 89 42 50 41 81 f8 00 20 00 00 75 1d e9 60 24 07 00 44 89 c7 e9 98 f6 ff ff 0b eb c5 0f 0b eb a1 0f 0b eb a7 0f 0b eb ac 44 89 c6 e9 40 23
RSP: 0018:ffffae514bc3be40 EFLAGS: 00010006
RAX: ffff8d25d6143750 RBX: 0000000000000202 RCX: 0000000000000002
RDX: ffff8d2e31383748 RSI: ffff8d25c000d600 RDI: ffff8d2e31383788
RBP: ffff8d2e31380de0 R08: 0000000000002000 R09: ffff8d2e31383750
R10: ffffffffc0c957e0 R11: ffff8d2624800000 R12: ffff8d2e31380a58
R13: ffff8d2d915eb000 R14: ffff8d25c499b5c0 R15: ffff8d2e31380e18
FS: 0000000000000000(0000) GS:ffff8d2d1fb00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055fd0484b8b8 CR3: 00000008ffc10006 CR4: 00000000007706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
 queue_delayed_work_on+0x36/0x40
 qedf_elsct_send+0x57/0x60 [qedf]
 fc_lport_enter_flogi+0x90/0xc0 [libfc]
 fc_lport_timeout+0xb7/0x140 [libfc]
 process_one_work+0x1a7/0x360
 ? create_worker+0x1a0/0x1a0
 worker_thread+0x30/0x390
 ? create_worker+0x1a0/0x1a0
 kthread+0x116/0x130
 ? kthread_flush_work_fn+0x10/0x10
 ret_from_fork+0x35/0x40
---[ end trace 008f00f722f2c2ff ]--

Initialize stag work for all the vports.


Analysis

by VulDB Data Team • 10/07/2025

The vulnerability identified as CVE-2022-48825 affects the Linux kernel's SCSI subsystem, specifically within the qedf driver that handles QLogic QEDF FCoE (Fibre Channel over Ethernet) functionality. This issue manifests during the creation of NPIV (N_Port Identifier Virtualization) ports, where only a subset of the expected virtual ports become operational, creating a partial failure condition that impacts storage connectivity. The root cause lies in the improper initialization of the stag_work structure for virtual ports, which is essential for proper port state management and communication within the FCoE fabric.

The technical flaw occurs in the workqueue subsystem where the kernel attempts to queue delayed work items for virtual ports that have not been properly initialized. The call trace demonstrates a critical failure path through kernel/workqueue.c at line 1635 in the __queue_delayed_work function, indicating that work items intended for virtual port management are being queued without proper setup. This results in a kernel oops or warning condition where the system attempts to access uninitialized memory structures, specifically the stag_work component that should be initialized for all virtual ports created under the qedf driver. The warning message shows the system attempting to queue work on a workqueue named events fc_lport_timeout within the libfc module, which is responsible for Fibre Channel port state management.

The operational impact of this vulnerability can be significant in enterprise storage environments that rely heavily on FCoE connectivity and virtualized storage ports. When only 32 out of 64 expected virtual ports become operational, it creates partial connectivity failures that can lead to data access issues, performance degradation, and potential service disruptions. The affected system may appear stable initially but will experience intermittent failures in storage communication, particularly during port initialization or when handling Fibre Channel login sequences. This vulnerability directly impacts the reliability of FCoE implementations in data centers where NPIV is commonly used for virtual machine storage connectivity, potentially leading to cascading failures in virtualized environments.

The mitigation strategy involves ensuring that the stag_work structure is properly initialized for all virtual ports created by the qedf driver. This fix addresses the fundamental issue by guaranteeing that each virtual port receives the necessary workqueue initialization before attempting to queue delayed work items. The solution aligns with CWE-691, which addresses insufficient initialization of resources, and addresses ATT&CK technique T1499.001, which covers network denial of service attacks that can be initiated through kernel-level resource exhaustion or improper initialization. Organizations should apply the kernel patch that implements proper initialization of the stag_work structure for all vports, particularly in environments using QLogic QEDF FCoE adapters where virtual port creation is frequent. The fix ensures that all virtual ports created through the NPIV mechanism receive proper state management resources, preventing the kernel panic conditions that occur when attempting to queue work on improperly initialized structures.
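To check whether a host has already logged the warning described above, the following added example (not part of the original advisory or the kernel patch) scans kernel log text for a WARNING raised in __queue_delayed_work whose call trace passes through the qedf module. The first sample block reuses trace lines from this page; the second block, the module name example_mod and the function names parse_warnings, matches_qedf_stag_signature and scan are constructed for illustration.

```python
import re

# Kernel log excerpt: the first block uses lines from the trace on this page
# (registers omitted); the second block is a constructed, unrelated warning.
SAMPLE_LOG = """\
WARNING: CPU: 8 PID: 645 at kernel/workqueue.c:1635 __queue_delayed_work+0x68/0x80
Workqueue: events fc_lport_timeout [libfc]
Call Trace:
 queue_delayed_work_on+0x36/0x40
 qedf_elsct_send+0x57/0x60 [qedf]
 fc_lport_enter_flogi+0x90/0xc0 [libfc]
 fc_lport_timeout+0xb7/0x140 [libfc]
 process_one_work+0x1a7/0x360
---[ end trace 008f00f722f2c2ff ]--
WARNING: CPU: 2 PID: 77 at kernel/workqueue.c:1635 __queue_delayed_work+0x68/0x80
Call Trace:
 queue_delayed_work_on+0x36/0x40
 example_poll+0x10/0x20 [example_mod]
---[ end trace 0000000000000000 ]--
"""

WARN_RE = re.compile(r"WARNING: .* at (\S+):(\d+) (\w+)\+0x")
FRAME_RE = re.compile(r"^\s*\??\s*([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")

def parse_warnings(log):
    """Split a kernel log into WARNING blocks with their call-trace frames."""
    blocks, cur = [], None
    for line in log.splitlines():
        line = re.sub(r"^\[\s*\d+\.\d+\]\s*", "", line)  # drop dmesg timestamps
        m = WARN_RE.search(line)
        if m:
            cur = {"site": m.group(3), "frames": []}
            blocks.append(cur)
        elif cur is not None and "end trace" in line:
            cur = None
        elif cur is not None:
            f = FRAME_RE.match(line)
            if f:
                cur["frames"].append((f.group(1), f.group(2)))
    return blocks

def matches_qedf_stag_signature(block):
    """True when the warning fired in __queue_delayed_work via a qedf frame."""
    return (block["site"] == "__queue_delayed_work"
            and any(mod == "qedf" for _, mod in block["frames"]))

def scan(log):
    return [b for b in parse_warnings(log) if matches_qedf_stag_signature(b)]
```

A match only says the log contains this warning signature; whether the running kernel carries the fix still has to be confirmed against the vendor's kernel changelog.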

Responsible

Linux

Reservation

07/16/2024

Disclosure

07/16/2024

Moderation

accepted

CPE

ready

EPSS

0.00268

KEV

no

Activities

very low
