CVE-2022-49858 in Linux
Summary
by MITRE • 05/01/2025
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-pf: Fix SQE threshold checking
Current way of checking available SQE count which is based on HW updated SQB count could result in driver submitting an SQE even before CQE for the previously transmitted SQE at the same index is processed in NAPI resulting losing SKB pointers, hence a leak. Fix this by checking a consumer index which is updated once CQE is processed.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 03/14/2026
The vulnerability identified as CVE-2022-49858 resides within the Linux kernel's octeontx2-pf driver component, specifically addressing a critical flaw in the handling of Submission Queue Entries (SQEs) for the Cavium Octeon TX2 network interface controller. This issue manifests as a race condition between hardware-based queue management and software-driven processing that can lead to severe memory corruption and resource leakage. The problem occurs during the normal operation of network packet processing where the driver must maintain proper synchronization between submission and completion queue operations to prevent data loss and system instability.
The technical root cause stems from an inadequate method of checking available SQE count in the hardware-based queue management system. The original implementation relied solely on the hardware-updated SQB (Submission Queue Block) count to determine when new SQEs could be submitted to the network interface. This approach created a timing window where the driver could prematurely submit a new SQE to an index that had not yet completed processing of its preceding SQE, particularly when the completion queue entry (CQE) for the previous SQE had not yet been processed by the NAPI (Network API) subsystem. This race condition directly violates fundamental principles of concurrent queue management and memory synchronization.
The operational impact of this vulnerability extends beyond simple performance degradation to encompass potential system crashes and memory leaks that can compromise network functionality and overall system stability. When the driver submits an SQE before the corresponding CQE processing completes, it results in the loss of SKB (Socket Buffer) pointers that are critical for managing network packet data structures. These SKB pointers contain references to the actual packet data that must be properly tracked and released to prevent memory leaks. The consequence is that network packets become unreferenced and memory becomes unavailable for reuse, leading to progressive memory exhaustion that can eventually cause system instability or complete network service disruption.
The fix implemented addresses this vulnerability by introducing a more robust checking mechanism that incorporates the consumer index update process, which occurs only after CQE processing is fully completed. This approach aligns with established best practices for queue management systems and follows the principles outlined in CWE-362, which addresses race conditions in concurrent systems. The solution ensures proper synchronization between hardware queue state updates and software processing completion, effectively preventing the premature submission of SQEs that would otherwise lead to pointer corruption. This mitigation strategy directly addresses the ATT&CK technique T1499.004, which involves resource exhaustion attacks, by ensuring proper memory management and preventing the leakage of network packet buffers. The implementation of this fix requires careful consideration of interrupt handling and NAPI processing order to maintain optimal network throughput while preventing the race condition that previously allowed for memory corruption and resource leaks in the octeontx2-pf driver subsystem.