Message-ID: <2025120935-CVE-2022-50636-6d4d@gregkh>
Date: Tue, 9 Dec 2025 09:01:37 +0900
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-50636: PCI: Fix pci_device_is_present() for VFs by checking PF
From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

PCI: Fix pci_device_is_present() for VFs by checking PF

pci_device_is_present() previously didn't work for VFs because it reads the
Vendor and Device ID, which are 0xffff for VFs, which looks like they
aren't present. Check the PF instead.

Wei Gong reported that if virtio I/O is in progress when the driver is
unbound or "0" is written to /sys/.../sriov_numvfs, the virtio I/O
operation hangs, which may result in output like this:

  task:bash state:D stack: 0 pid: 1773 ppid: 1241 flags:0x00004002
  Call Trace:
   schedule+0x4f/0xc0
   blk_mq_freeze_queue_wait+0x69/0xa0
   blk_mq_freeze_queue+0x1b/0x20
   blk_cleanup_queue+0x3d/0xd0
   virtblk_remove+0x3c/0xb0 [virtio_blk]
   virtio_dev_remove+0x4b/0x80
   ...
   device_unregister+0x1b/0x60
   unregister_virtio_device+0x18/0x30
   virtio_pci_remove+0x41/0x80
   pci_device_remove+0x3e/0xb0

This happened because pci_device_is_present(VF) returned "false" in
virtio_pci_remove(), so it called virtio_break_device(). The broken vq
meant that vring_interrupt() skipped the vq.callback() that would have
completed the virtio I/O operation via virtblk_done().

[bhelgaas: commit log, simplify to always use pci_physfn(), add stable tag]

The Linux kernel CVE team has assigned CVE-2022-50636 to this issue.

Affected and fixed versions
===========================

    Fixed in 4.14.303 with commit f4b44c7766dae2b8681f621941cabe9f14066d59
    Fixed in 4.19.270 with commit 643d77fda08d06f863af35e80a7e517ea61d9629
    Fixed in 5.4.229 with commit 65bd0962992abd42e77a05e68c7b40e7c73726d1
    Fixed in 5.10.163 with commit 99ef6cc791584495987dd11b14769b450dfa5820
    Fixed in 5.15.87 with commit 67fd41bbb0f51aa648a47f728b99e6f1fa2ccc34
    Fixed in 6.0.18 with commit 81565e51ccaf6fff8910e997ee22e16b5e1dabc3
    Fixed in 6.1.4 with commit 518573988a2f14f517403db2ece5ddaefba21e94
    Fixed in 6.2 with commit 98b04dd0b4577894520493d96bc4623387767445

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
    https://cve.org/CVERecord/?id=CVE-2022-50636
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
    drivers/pci/pci.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/f4b44c7766dae2b8681f621941cabe9f14066d59
https://git.kernel.org/stable/c/643d77fda08d06f863af35e80a7e517ea61d9629
https://git.kernel.org/stable/c/65bd0962992abd42e77a05e68c7b40e7c73726d1
https://git.kernel.org/stable/c/99ef6cc791584495987dd11b14769b450dfa5820
https://git.kernel.org/stable/c/67fd41bbb0f51aa648a47f728b99e6f1fa2ccc34
https://git.kernel.org/stable/c/81565e51ccaf6fff8910e997ee22e16b5e1dabc3
https://git.kernel.org/stable/c/518573988a2f14f517403db2ece5ddaefba21e94
https://git.kernel.org/stable/c/98b04dd0b4577894520493d96bc4623387767445
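
The presence check described in the advisory, as a user-space model added here for illustration; it is not the kernel's code and not part of the original message. The struct, the model_* helper, the function names and the sample vendor ID are assumptions; only the 0xffff VF reading and the "check the PF instead" rule come from the text above.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* User-space stand-in for struct pci_dev; all names here are assumptions. */
struct model_pci_dev {
    uint16_t vendor_reg;                 /* value a Vendor ID config read returns */
    bool is_virtfn;                      /* true for an SR-IOV VF */
    const struct model_pci_dev *physfn;  /* parent PF when is_virtfn is set */
};

/* Models the Vendor ID probe: 0xffff is treated as "nothing answered". */
static bool model_vendor_read_ok(const struct model_pci_dev *d)
{
    return d->vendor_reg != 0xffff;
}

/* Behaviour before the fix: probe the function itself, VF or not. */
bool is_present_before(const struct model_pci_dev *d)
{
    return model_vendor_read_ok(d);
}

/* Behaviour after the fix: a VF is judged by probing its PF. */
bool is_present_after(const struct model_pci_dev *d)
{
    if (d->is_virtfn && d->physfn)
        d = d->physfn;                   /* what pci_physfn() does in the kernel */
    return model_vendor_read_ok(d);
}

/* Constructed scenario: one PF with one VF whose own ID registers read 0xffff. */
bool vf_seen_present(bool fixed, uint16_t pf_vendor)
{
    struct model_pci_dev pf = { .vendor_reg = pf_vendor };
    struct model_pci_dev vf = { .vendor_reg = 0xffff, .is_virtfn = true, .physfn = &pf };
    return fixed ? is_present_after(&vf) : is_present_before(&vf);
}

int main(void)
{
    /* 0x1af4 is a constructed sample value for a PF that answers the probe. */
    printf("before fix, PF alive: VF present=%d\n", vf_seen_present(false, 0x1af4));
    printf("after fix,  PF alive: VF present=%d\n", vf_seen_present(true, 0x1af4));
    printf("after fix,  PF gone:  VF present=%d\n", vf_seen_present(true, 0xffff));
    return 0;
}
```

The first case is the false "not present" result that, per the description above, led virtio_pci_remove() to call virtio_break_device() while I/O was still in flight.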