CVE-2022-49155 in Linux

Summary

by MITRE • 02/26/2025

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()

[ 12.323788] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-udevd/1020
[ 12.332297] caller is qla2xxx_create_qpair+0x32a/0x5d0 [qla2xxx]
[ 12.338417] CPU: 7 PID: 1020 Comm: systemd-udevd Tainted: G I --------- --- 5.14.0-29.el9.x86_64 #1
[ 12.348827] Hardware name: Dell Inc. PowerEdge R610/0F0XJ6, BIOS 6.6.0 05/22/2018
[ 12.356356] Call Trace:
[ 12.358821] dump_stack_lvl+0x34/0x44
[ 12.362514] check_preemption_disabled+0xd9/0xe0
[ 12.367164] qla2xxx_create_qpair+0x32a/0x5d0 [qla2xxx]
[ 12.372481] qla2x00_probe_one+0xa3a/0x1b80 [qla2xxx]
[ 12.377617] ? _raw_spin_lock_irqsave+0x19/0x40
[ 12.384284] local_pci_probe+0x42/0x80
[ 12.390162] ? pci_match_device+0xd7/0x110
[ 12.396366] pci_device_probe+0xfd/0x1b0
[ 12.402372] really_probe+0x1e7/0x3e0
[ 12.408114] __driver_probe_device+0xfe/0x180
[ 12.414544] driver_probe_device+0x1e/0x90
[ 12.420685] __driver_attach+0xc0/0x1c0
[ 12.426536] ? __device_attach_driver+0xe0/0xe0
[ 12.433061] ? __device_attach_driver+0xe0/0xe0
[ 12.439538] bus_for_each_dev+0x78/0xc0
[ 12.445294] bus_add_driver+0x12b/0x1e0
[ 12.451021] driver_register+0x8f/0xe0
[ 12.456631] ? 0xffffffffc07bc000
[ 12.461773] qla2x00_module_init+0x1be/0x229 [qla2xxx]
[ 12.468776] do_one_initcall+0x44/0x200
[ 12.474401] ? load_module+0xad3/0xba0
[ 12.479908] ? kmem_cache_alloc_trace+0x45/0x410
[ 12.486268] do_init_module+0x5c/0x280
[ 12.491730] __do_sys_init_module+0x12e/0x1b0
[ 12.497785] do_syscall_64+0x3b/0x90
[ 12.503029] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 12.509764] RIP: 0033:0x7f554f73ab2e


Analysis

by VulDB Data Team • 05/13/2025

The vulnerability identified as CVE-2022-49155 resides within the Linux kernel's qla2xxx driver, which manages QLogic SCSI host adapters. This issue manifests as a kernel complaint triggered during the execution of the qla_create_qpair function, specifically when smp_processor_id() is invoked in preemptible code, that is, in a context where preemption has not been disabled. The kernel's preemption check (check_preemption_disabled in the call trace) detects this violation and generates a BUG message, indicating that the code attempts to read the current CPU identifier from a context in which the task can still be preempted. This flaw occurs during the device probe phase when systemd-udevd attempts to initialize the SCSI adapter, highlighting a concurrency issue within the driver's initialization sequence.

The technical root cause stems from improper handling of kernel preemption rules within the qla2xxx driver's queue pair creation routine. The smp_processor_id() macro is designed to return the processor ID of the currently executing CPU, but it must be used in contexts where preemption is disabled, because a preemptible task can be moved to another CPU and the returned ID is then stale. When invoked in a preemptible code section, the kernel's internal checks identify this as a potential race condition that could lead to incorrect CPU identification or system instability. The call trace shows this violation occurs in the qla2xxx_create_qpair function, which is called from the broader qla2x00_probe_one function that handles device initialization. This pattern aligns with CWE-362, which describes concurrent execution issues such as race conditions, and specifically relates to improper use of kernel synchronization primitives. The vulnerability presents a direct threat to system stability during boot processes or device initialization, particularly in environments where multiple CPU cores are actively processing concurrent operations.

The operational impact of CVE-2022-49155 extends beyond simple kernel panic conditions, affecting system reliability and availability in enterprise storage environments. When the qla2xxx driver encounters this issue during device probe, it can result in failed device initialization, leading to SCSI adapter unavailability and potential data access disruptions. The problem is particularly concerning in high-availability systems where storage adapters are critical components, as it may cause intermittent boot failures or device detection issues. The vulnerability affects systems running kernel versions 5.14.0 and later, particularly those utilizing Red Hat Enterprise Linux 9 or similar distributions, such as the 5.14.0-29.el9.x86_64 kernel that appears in the reported trace. From an ATT&CK perspective, this vulnerability could be leveraged in supply chain attacks or system compromise scenarios where attackers target kernel-level stability to maintain persistence or escalate privileges. The issue demonstrates how seemingly minor kernel-level coding errors can result in significant operational disruptions, especially in mission-critical infrastructure environments.

Mitigation strategies for CVE-2022-49155 should focus on applying the appropriate kernel patches that address the preemption violation in the qla2xxx driver. System administrators must update to kernel versions that include the fix, which typically involves modifying the qla2xxx_create_qpair function to ensure proper preemption handling when calling smp_processor_id(). Organizations should prioritize patch management processes to ensure all systems running affected kernel versions receive timely updates. Additionally, monitoring systems should be configured to detect kernel BUG messages related to smp_processor_id() usage, as these could indicate potential system instability. For environments where immediate patching is not feasible, implementing runtime protections such as disabling problematic SCSI adapter initialization sequences or using alternative storage drivers may provide temporary mitigation. Security teams should also consider conducting vulnerability assessments to identify systems running vulnerable kernel versions and establish automated patch deployment workflows to prevent exploitation. The fix typically involves modifying the driver code to either defer the smp_processor_id() call until a safe context is established or to use alternative synchronization mechanisms that do not violate kernel preemption rules, thereby aligning with best practices for kernel module development and secure coding standards.
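The log monitoring mentioned above can be done with a small scan of kernel log lines. This is an added example, not code from VulDB or the kernel project: the function names are hypothetical, the first three sample lines are copied from the trace in the Summary, and the fourth is constructed.

```python
import re

# First line of the complaint, in the format shown in the Summary trace.
BUG_RE = re.compile(
    r"\[\s*(?P<ts>\d+\.\d+)\]\s+BUG: using smp_processor_id\(\) in preemptible "
    r"\[[0-9a-f]+\] code: (?P<comm>.+)/(?P<pid>\d+)\s*$")
# The next line names the call site and, for loadable modules, the module.
CALLER_RE = re.compile(
    r"\[\s*\d+\.\d+\]\s+caller is (?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+"
    r"(?:\s+\[(?P<module>\w+)\])?")

def find_preempt_complaints(lines):
    """Return one dict per smp_processor_id() preemption complaint."""
    hits, pending = [], None
    for line in lines:
        m = BUG_RE.search(line)
        if m:
            pending = {"ts": float(m["ts"]), "comm": m["comm"],
                       "pid": int(m["pid"]), "symbol": None, "module": None}
            hits.append(pending)
            continue
        c = CALLER_RE.search(line)
        if c and pending is not None:
            pending["symbol"], pending["module"] = c["sym"], c["module"]
        pending = None  # only the line directly after the BUG line counts
    return hits

def is_qla2xxx_qpair_complaint(hit):
    """True when the call site is the one named in this CVE's trace."""
    return hit["module"] == "qla2xxx" and hit["symbol"] == "qla2xxx_create_qpair"

# Lines 1-3 are from the Summary trace; line 4 is constructed.
SAMPLE = [
    "[ 12.323788] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-udevd/1020",
    "[ 12.332297] caller is qla2xxx_create_qpair+0x32a/0x5d0 [qla2xxx]",
    "[ 12.338417] CPU: 7 PID: 1020 Comm: systemd-udevd Tainted: G I --------- --- 5.14.0-29.el9.x86_64 #1",
    "[ 13.000001] scsi host1: constructed benign line",
]

if __name__ == "__main__":
    for hit in find_preempt_complaints(SAMPLE):
        print(hit, "CVE-2022-49155 call site:", is_qla2xxx_qpair_complaint(hit))
```

The scan assumes the "caller is" line directly follows the BUG line, as it does in the trace above; logs interleaved with output from other CPUs would leave the symbol and module unset.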

Responsible: Linux
Reservation: 02/26/2025
Disclosure: 02/26/2025
Moderation: accepted
CPE: ready
EPSS: 0.00251
KEV: no
Activities: very low
