CVE-2022-49157 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix premature hw access after PCI error
After a recoverable PCI error has been detected and recovered, the qla driver needs to check to see if the error condition still persists and/or wait for the OS to give the resume signal.
Sep 8 22:26:03 localhost kernel: WARNING: CPU: 9 PID: 124606 at qla_tmpl.c:440 qla27xx_fwdt_entry_t266+0x55/0x60 [qla2xxx]
Sep 8 22:26:03 localhost kernel: RIP: 0010:qla27xx_fwdt_entry_t266+0x55/0x60 [qla2xxx]
Sep 8 22:26:03 localhost kernel: Call Trace:
Sep 8 22:26:03 localhost kernel: ? qla27xx_walk_template+0xb1/0x1b0 [qla2xxx]
Sep 8 22:26:03 localhost kernel: ? qla27xx_execute_fwdt_template+0x12a/0x160 [qla2xxx]
Sep 8 22:26:03 localhost kernel: ? qla27xx_fwdump+0xa0/0x1c0 [qla2xxx]
Sep 8 22:26:03 localhost kernel: ? qla2xxx_pci_mmio_enabled+0xfb/0x120 [qla2xxx]
Sep 8 22:26:03 localhost kernel: ? report_mmio_enabled+0x44/0x80
Sep 8 22:26:03 localhost kernel: ? report_slot_reset+0x80/0x80
Sep 8 22:26:03 localhost kernel: ? pci_walk_bus+0x70/0x90
Sep 8 22:26:03 localhost kernel: ? aer_dev_correctable_show+0xc0/0xc0
Sep 8 22:26:03 localhost kernel: ? pcie_do_recovery+0x1bb/0x240
Sep 8 22:26:03 localhost kernel: ? aer_recover_work_func+0xaa/0xd0
Sep 8 22:26:03 localhost kernel: ? process_one_work+0x1a7/0x360
..
Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-8041:22: detected PCI disconnect.
Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-107ff:22: qla27xx_fwdt_entry_t262: dump ram MB failed. Area 5h start 198013h end 198013h
Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-107ff:22: Unable to capture FW dump
Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-1015:22: cmd=0x0, waited 5221 msecs
Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-680d:22: mmio enabled returning.
Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-d04c:22: MBX Command timeout for cmd 0, iocontrol=ffffffff jiffies=10140f2e5 mb[0-3]=[0xffff 0xffff 0xffff 0xffff]
Analysis
by VulDB Data Team • 12/12/2025
CVE-2022-49157 is a bug in the Linux kernel's SCSI qla2xxx driver, which drives QLogic Fibre Channel host bus adapters; the trace on this page comes from the driver's qla27xx (ISP27xx) code paths, not from a network interface controller. The issue is improper state handling after a recoverable PCI error: the driver resumes hardware access before confirming that the error condition has cleared, and before the PCI core has signalled resume. The call trace shows exactly where. The PCI core's AER recovery (aer_recover_work_func, pcie_do_recovery, report_mmio_enabled) invokes the driver's mmio_enabled callback, qla2xxx_pci_mmio_enabled, which starts a firmware dump; the dump template walker (qla27xx_fwdump, qla27xx_execute_fwdt_template, qla27xx_walk_template, qla27xx_fwdt_entry_t266) then trips a WARNING at qla_tmpl.c:440 because the adapter is not reachable. The driver's own messages confirm this: it logs "detected PCI disconnect", "dump ram MB failed", "Unable to capture FW dump", and a mailbox command timeout whose register reads are all ones (iocontrol=ffffffff, mb[0-3]=[0xffff 0xffff 0xffff 0xffff]), the value a PCIe read returns when the device no longer responds.
The root cause is inadequate error-state tracking in the driver's PCI error-recovery path. The kernel's PCI error recovery walks a driver's error_detected, mmio_enabled, slot_reset and resume callbacks in turn; mmio_enabled is offered as a chance to collect diagnostics, but it is only usable if the device actually answers MMIO again. The driver did not re-check that before proceeding, so it executed mailbox commands and walked memory-mapped registers while the adapter was still disconnected, which is why the dump failed and the mailbox command timed out after waiting 5221 msecs. The warning itself fires in qla27xx_fwdt_entry_t266, an entry handler of the firmware dump template (fwdt) walker; fwdt here refers to the firmware dump template, not to firmware download. The commit message states the required fix: after a recoverable PCI error, check whether the error condition still persists and/or wait for the OS to give the resume signal before touching the hardware.
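The callback sequence and the missing check, as an added example in user-space C. This is not the qla2xxx driver's code or the actual patch: struct hba, mmio_read(), pci_disconnected(), fw_dump() and recover() are hypothetical stand-ins that model what the trace shows, namely that MMIO reads on a disconnected adapter return all ones and that a firmware dump attempted from mmio_enabled in that state can only time out. The premature and checked versions of the mmio_enabled callback are shown side by side.

```c
/*
 * Added example, not code from the qla2xxx driver: a user-space model of the
 * PCI error-recovery callbacks and of the check the commit message asks for
 * ("see if the error condition still persists" before touching hardware).
 * struct hba, mmio_read(), pci_disconnected() and fw_dump() are hypothetical
 * stand-ins for the driver's own structures and routines.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Named after the kernel's pci_ers_result_t outcomes; the values are our own. */
enum ers_result { ERS_RECOVERED, ERS_NEED_RESET, ERS_DISCONNECT };

/* Hypothetical adapter. link_up is the PCIe link state, which the driver
 * cannot see directly: it can only infer it from what MMIO reads return. */
struct hba {
    bool link_up;
    uint32_t iocontrol;   /* a control register, read to probe liveness */
    uint32_t mbox[4];     /* mailbox registers (hypothetical layout) */
    int dump_attempts;
    int mbx_timeouts;
};

/* A read to a device that has dropped off the bus completes with all ones.
 * That is the iocontrol=ffffffff / mb[0-3]=[0xffff ...] seen in the trace. */
static uint32_t mmio_read(const struct hba *ha, const uint32_t *reg)
{
    return ha->link_up ? *reg : 0xffffffffu;
}

/* Stand-in for a register-status check: still disconnected if a register
 * that can never legitimately be all ones reads back as all ones. */
static bool pci_disconnected(const struct hba *ha)
{
    return mmio_read(ha, &ha->iocontrol) == 0xffffffffu;
}

/* Stand-in for the firmware-dump walker: issues a mailbox command and reads
 * the mailbox back. With the link down every read is 0xffff.., which the
 * real driver reports as "MBX Command timeout" after waiting seconds. */
static bool fw_dump(struct hba *ha)
{
    ha->dump_attempts++;
    for (int i = 0; i < 4; i++) {
        if ((mmio_read(ha, &ha->mbox[i]) & 0xffffu) == 0xffffu) {
            ha->mbx_timeouts++;
            return false;         /* "Unable to capture FW dump" */
        }
    }
    return true;
}

/* Before the fix: mmio_enabled assumes the adapter answers and dumps. */
enum ers_result mmio_enabled_premature(struct hba *ha)
{
    fw_dump(ha);
    return ERS_NEED_RESET;
}

/* After the fix: re-check the error condition first; if it persists, leave
 * the hardware alone and let the PCI core proceed to slot_reset/resume. */
enum ers_result mmio_enabled_checked(struct hba *ha)
{
    if (pci_disconnected(ha))
        return ERS_NEED_RESET;    /* nothing touched; wait for the OS */
    fw_dump(ha);
    return ERS_NEED_RESET;
}

/* Simulated PCI-core side: slot_reset restores the link, resume is the point
 * after which the driver may use the adapter. Returns 0 on a clean
 * post-resume dump, -1 otherwise. */
int recover(struct hba *ha, enum ers_result (*mmio_enabled)(struct hba *))
{
    if (mmio_enabled(ha) == ERS_NEED_RESET)
        ha->link_up = true;       /* slot_reset: link back up */
    return fw_dump(ha) ? 0 : -1;  /* resume: safe to collect the dump now */
}

int main(void)
{
    struct hba a = { .link_up = false, .iocontrol = 0x1, .mbox = { 0x4000, 0, 0, 0 } };
    struct hba b = a;
    recover(&a, mmio_enabled_premature);
    recover(&b, mmio_enabled_checked);
    printf("premature: dump_attempts=%d mbx_timeouts=%d\n", a.dump_attempts, a.mbx_timeouts);
    printf("checked:   dump_attempts=%d mbx_timeouts=%d\n", b.dump_attempts, b.mbx_timeouts);
    return 0;
}
```

The difference the counters show is the whole bug: the premature callback burns a multi-second mailbox timeout against a dead link and then recovers anyway, while the checked callback defers until the slot reset has actually brought the adapter back.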
The operational impact is to availability; nothing on this page shows memory corruption or data loss. What the trace does show is a kernel WARNING, a failed firmware dump (the diagnostic that would normally explain the PCI error), and a mailbox command timeout of several seconds, all in the middle of AER recovery on the affected port. On a host whose root filesystem or database volumes sit behind the HBA, a recovery that stalls or fails in this way means I/O timeouts on the affected paths and, without working multipathing, a hang rather than a clean recovery. Database servers, virtualization hosts and other systems with high-availability requirements on Fibre Channel storage are the most exposed, because PCI errors are exactly the events they rely on AER recovery to survive. The trigger is a PCI error on the adapter itself; as far as the data on this page shows, this is a robustness bug in the recovery path, not something an unprivileged or remote party can set off directly.
Mitigation is to run a kernel that contains the fix "scsi: qla2xxx: Fix premature hw access after PCI error", which makes the driver re-check the error condition and wait for the OS resume signal before accessing the adapter again; prioritize hosts with QLogic Fibre Channel HBAs in production storage paths. Until then, detect occurrences from the kernel log: the "WARNING: ... qla27xx_fwdt_entry_t266" line together with the driver's "detected PCI disconnect", "Unable to capture FW dump" and "MBX Command timeout" messages for the same PCI address (0000:42:00.2 in the trace above) identify this failure mode, and they should page the storage on-call rather than be filtered as noise. Watch the AER path as well (pcie_do_recovery and aer_recover_work_func in the trace) and the platform's own error reporting, since a slot that keeps raising PCI errors usually points at a cable, a riser or a failing adapter that should be isolated before it produces an uncorrectable error. The fix follows the Linux PCI error-recovery contract (Documentation/PCI/pci-error-recovery.rst): a driver must not assume the device is usable in mmio_enabled without checking. In CWE terms the issue is closest to CWE-362 (improper synchronization of a shared resource, here the adapter state during recovery); the trace shows no out-of-bounds memory access, so CWE-119 is not supported by the available data.
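The log-based detection described above, as an added example that is not part of the original page or of any vendor tooling. It scans kernel-log lines for the signatures in the trace, keys them to the PCI address in the driver's "qla2xxx [...]" tag, and reports when a disconnect was followed by a dump attempt or mailbox command. The sample lines are taken from the trace above plus one constructed unrelated line; names such as qla_summary and qla_classify_line are this example's own.

```c
/*
 * Added example, not from this page's source or the driver: a scanner for the
 * kernel-log signatures that the trace above shows during a qla2xxx AER
 * recovery. Run as a program it reads `dmesg` or `journalctl -k` output from
 * stdin; with no piped input it scans the constructed sample below.
 */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define BDF_LEN 16

struct qla_summary {
    char bdf[BDF_LEN];   /* PCI address from the "qla2xxx [0000:42:00.2]" tag */
    int disconnect;      /* "detected PCI disconnect" */
    int fwdump_warn;     /* WARNING raised inside a qla27xx_fwdt_entry_* handler */
    int fwdump_failed;   /* "Unable to capture FW dump" or "dump ram MB failed" */
    int mbx_timeout;     /* "MBX Command timeout" */
    int mmio_enabled;    /* "mmio enabled returning" */
};

/* Classify one kernel-log line; returns 1 if it is one of the signatures. */
int qla_classify_line(const char *line, struct qla_summary *s)
{
    char bdf[BDF_LEN];
    const char *tag = strstr(line, "qla2xxx [");

    /* Remember which port is talking, e.g. 0000:42:00.2. */
    if (tag && sscanf(tag, "qla2xxx [%15[^]]]", bdf) == 1)
        snprintf(s->bdf, BDF_LEN, "%s", bdf);

    if (strstr(line, "detected PCI disconnect")) { s->disconnect++; return 1; }
    if (strstr(line, "WARNING:") && strstr(line, "qla27xx_fwdt_entry_")) { s->fwdump_warn++; return 1; }
    if (strstr(line, "Unable to capture FW dump") || strstr(line, "dump ram MB failed")) { s->fwdump_failed++; return 1; }
    if (strstr(line, "MBX Command timeout")) { s->mbx_timeout++; return 1; }
    if (strstr(line, "mmio enabled returning")) { s->mmio_enabled++; return 1; }
    return 0;
}

/* The failure mode on this page: the adapter was reported disconnected and
 * the driver nevertheless tried to dump firmware or run a mailbox command. */
int qla_premature_access_seen(const struct qla_summary *s)
{
    return s->disconnect > 0 &&
           (s->fwdump_warn > 0 || s->fwdump_failed > 0 || s->mbx_timeout > 0);
}

/* Scan an array of lines into a fresh summary; returns the number of hits. */
size_t qla_scan_lines(const char *const *lines, size_t n, struct qla_summary *s)
{
    size_t hits = 0;
    memset(s, 0, sizeof *s);
    for (size_t i = 0; i < n; i++)
        hits += (size_t)qla_classify_line(lines[i], s);
    return hits;
}

/* Constructed sample: lines from the trace above plus one unrelated line
 * (the e1000e line is made up) so the scanner has something to ignore. */
const char *const qla_sample[] = {
    "Sep 8 22:26:03 localhost kernel: WARNING: CPU: 9 PID: 124606 at qla_tmpl.c:440 qla27xx_fwdt_entry_t266+0x55/0x60 [qla2xxx]",
    "Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-8041:22: detected PCI disconnect.",
    "Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-107ff:22: qla27xx_fwdt_entry_t262: dump ram MB failed. Area 5h start 198013h end 198013h",
    "Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-107ff:22: Unable to capture FW dump",
    "Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-680d:22: mmio enabled returning.",
    "Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-d04c:22: MBX Command timeout for cmd 0, iocontrol=ffffffff jiffies=10140f2e5 mb[0-3]=[0xffff 0xffff 0xffff 0xffff]",
    "Sep 8 22:26:09 localhost kernel: e1000e 0000:00:1f.6 eno1: NIC Link is Up",
};
const size_t qla_sample_len = sizeof qla_sample / sizeof qla_sample[0];

int main(void)
{
    struct qla_summary s;
    size_t hits;

    if (isatty(STDIN_FILENO)) {
        hits = qla_scan_lines(qla_sample, qla_sample_len, &s);
    } else {
        char line[1024];
        memset(&s, 0, sizeof s);
        hits = 0;
        while (fgets(line, sizeof line, stdin))
            hits += (size_t)qla_classify_line(line, &s);
    }
    printf("hba=%s hits=%zu disconnect=%d fwdump_warn=%d fwdump_failed=%d mbx_timeout=%d -> %s\n",
           s.bdf[0] ? s.bdf : "?", hits, s.disconnect, s.fwdump_warn,
           s.fwdump_failed, s.mbx_timeout,
           qla_premature_access_seen(&s) ? "premature hw access pattern" : "no pattern");
    return 0;
}
```

Wire the "premature hw access pattern" result into whatever already alerts on storage-path events; the combination of a disconnect and a subsequent dump or mailbox attempt on one BDF is the specific signal, whereas any one of those messages alone can also appear during an ordinary adapter fault.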