1. Home
  2. Vulnerabilities
  3. CVE-2022-49625
5.5
MEDIUM CVSS 3.1
CVE-2022-49625
sfc: fix kernel panic when creating VF
Description

In the Linux kernel, the following vulnerability has been resolved: sfc: fix kernel panic when creating VF When creating VFs a kernel panic can happen when calling to efx_ef10_try_update_nic_stats_vf. When releasing a DMA coherent buffer, sometimes, I don't know in what specific circumstances, it has to unmap memory with vunmap. It is disallowed to do that in IRQ context or with BH disabled. Otherwise, we hit this line in vunmap, causing the crash: BUG_ON(in_interrupt()); This patch reenables BH to release the buffer. Log messages when the bug is hit: kernel BUG at mm/vmalloc.c:2727! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 6 PID: 1462 Comm: NetworkManager Kdump: loaded Tainted: G I --------- --- 5.14.0-119.el9.x86_64 #1 Hardware name: Dell Inc. PowerEdge R740/06WXJT, BIOS 2.8.2 08/27/2020 RIP: 0010:vunmap+0x2e/0x30 ...skip... Call Trace: __iommu_dma_free+0x96/0x100 efx_nic_free_buffer+0x2b/0x40 [sfc] efx_ef10_try_update_nic_stats_vf+0x14a/0x1c0 [sfc] efx_ef10_update_stats_vf+0x18/0x40 [sfc] efx_start_all+0x15e/0x1d0 [sfc] efx_net_open+0x5a/0xe0 [sfc] __dev_open+0xe7/0x1a0 __dev_change_flags+0x1d7/0x240 dev_change_flags+0x21/0x60 ...skip...

INFO

Published Date :

Feb. 26, 2025, 7:01 a.m.

Last Modified :

Oct. 23, 2025, 12:09 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2022-49625 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 MEDIUM [email protected]
Solution
This vulnerability can be remediated by updating the Linux kernel packages.
  • Update the affected Linux kernel packages.
  • Reboot the system after the update.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2022-49625.

URL Resource
https://git.kernel.org/stable/c/16662524ec5da801fb78a1afcaf6e782f1cf103a Patch
https://git.kernel.org/stable/c/68e5f32f0de9594629ff9e599294d9801c6187de Patch
https://git.kernel.org/stable/c/82bcb730f856086f033e6c04082eb4503d4c2fa4 Patch
https://git.kernel.org/stable/c/ada74c5539eba06cf8b47d068f92e0b3963a9a6e Patch
https://git.kernel.org/stable/c/b82e4ad58a7fb72456503958a93060f87896e629 Patch
https://git.kernel.org/stable/c/b9072305270579a9d6afc9b926166231e5b1a7c8 Patch
https://git.kernel.org/stable/c/d9840212a9c00507347c703f4fdeda16400407e0 Patch
https://git.kernel.org/stable/c/da346adcf5573fd8663cabfdfe8371009629a906 Patch
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2022-49625 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2022-49625 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2022-49625 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2022-49625 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Oct. 23, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE CWE-476
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.19:rc4:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.19:rc5:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.19:rc6:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.2 up to (excluding) 4.9.324 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.10 up to (excluding) 4.14.289 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.253 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.207 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.132 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.56 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 5.18.13
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/16662524ec5da801fb78a1afcaf6e782f1cf103a Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/68e5f32f0de9594629ff9e599294d9801c6187de Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/82bcb730f856086f033e6c04082eb4503d4c2fa4 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/ada74c5539eba06cf8b47d068f92e0b3963a9a6e Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/b82e4ad58a7fb72456503958a93060f87896e629 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/b9072305270579a9d6afc9b926166231e5b1a7c8 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/d9840212a9c00507347c703f4fdeda16400407e0 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/da346adcf5573fd8663cabfdfe8371009629a906 Types: Patch
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Feb. 26, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: sfc: fix kernel panic when creating VF When creating VFs a kernel panic can happen when calling to efx_ef10_try_update_nic_stats_vf. When releasing a DMA coherent buffer, sometimes, I don't know in what specific circumstances, it has to unmap memory with vunmap. It is disallowed to do that in IRQ context or with BH disabled. Otherwise, we hit this line in vunmap, causing the crash: BUG_ON(in_interrupt()); This patch reenables BH to release the buffer. Log messages when the bug is hit: kernel BUG at mm/vmalloc.c:2727! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 6 PID: 1462 Comm: NetworkManager Kdump: loaded Tainted: G I --------- --- 5.14.0-119.el9.x86_64 #1 Hardware name: Dell Inc. PowerEdge R740/06WXJT, BIOS 2.8.2 08/27/2020 RIP: 0010:vunmap+0x2e/0x30 ...skip... Call Trace: __iommu_dma_free+0x96/0x100 efx_nic_free_buffer+0x2b/0x40 [sfc] efx_ef10_try_update_nic_stats_vf+0x14a/0x1c0 [sfc] efx_ef10_update_stats_vf+0x18/0x40 [sfc] efx_start_all+0x15e/0x1d0 [sfc] efx_net_open+0x5a/0xe0 [sfc] __dev_open+0xe7/0x1a0 __dev_change_flags+0x1d7/0x240 dev_change_flags+0x21/0x60 ...skip...
    Added Reference https://git.kernel.org/stable/c/16662524ec5da801fb78a1afcaf6e782f1cf103a
    Added Reference https://git.kernel.org/stable/c/68e5f32f0de9594629ff9e599294d9801c6187de
    Added Reference https://git.kernel.org/stable/c/82bcb730f856086f033e6c04082eb4503d4c2fa4
    Added Reference https://git.kernel.org/stable/c/ada74c5539eba06cf8b47d068f92e0b3963a9a6e
    Added Reference https://git.kernel.org/stable/c/b82e4ad58a7fb72456503958a93060f87896e629
    Added Reference https://git.kernel.org/stable/c/b9072305270579a9d6afc9b926166231e5b1a7c8
    Added Reference https://git.kernel.org/stable/c/d9840212a9c00507347c703f4fdeda16400407e0
    Added Reference https://git.kernel.org/stable/c/da346adcf5573fd8663cabfdfe8371009629a906
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 5.5
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact