{"timestamp":"2024-10-22T13:17:20.394145Z","id":"CVE-2022-48985","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/ethernet/microsoft/mana/gdma.h","drivers/net/ethernet/microsoft/mana/mana_en.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e1b5683ff62e7b328317aec08869495992053e9d","lessThan":"fe50a9bbeb1f042e756c5cfa7708112c944368de","versionType":"git","status":"affected"},{"version":"e1b5683ff62e7b328317aec08869495992053e9d","lessThan":"6740d8572ccd1bca50d8a1ca2bedc333f50ed5f3","versionType":"git","status":"affected"},{"version":"e1b5683ff62e7b328317aec08869495992053e9d","lessThan":"18010ff776fa42340efc428b3ea6d19b3e7c7b21","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/ethernet/microsoft/mana/gdma.h","drivers/net/ethernet/microsoft/mana/mana_en.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","versionType":"semver","status":"unaffected"},{"version":"5.15.83","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.0.13","lessThanOrEqual":"6.0.*","versionType":"semver","status":"unaffected"},{"version":"6.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]

NIST AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

NIST NVD-CWE-noinfo

OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15 up to (excluding) 5.15.83
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.0.13
     *cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*

https://git.kernel.org/stable/c/18010ff776fa42340efc428b3ea6d19b3e7c7b21 No Types Assigned

https://git.kernel.org/stable/c/18010ff776fa42340efc428b3ea6d19b3e7c7b21 Patch

https://git.kernel.org/stable/c/6740d8572ccd1bca50d8a1ca2bedc333f50ed5f3 No Types Assigned

https://git.kernel.org/stable/c/6740d8572ccd1bca50d8a1ca2bedc333f50ed5f3 Patch

https://git.kernel.org/stable/c/fe50a9bbeb1f042e756c5cfa7708112c944368de No Types Assigned

https://git.kernel.org/stable/c/fe50a9bbeb1f042e756c5cfa7708112c944368de Patch

In the Linux kernel, the following vulnerability has been resolved:

net: mana: Fix race on per-CQ variable napi work_done

After calling napi_complete_done(), the NAPIF_STATE_SCHED bit may be
cleared, and another CPU can start napi thread and access per-CQ variable,
cq->work_done. If the other thread (for example, from busy_poll) sets
it to a value >= budget, this thread will continue to run when it should
stop, and cause memory corruption and panic.

To fix this issue, save the per-CQ work_done variable in a local variable
before napi_complete_done(), so it won't be corrupted by a possible
concurrent thread after napi_complete_done().

Also, add a flag bit to advertise to the NIC firmware: the NAPI work_done
variable race is fixed, so the driver is able to reliably support features
like busy_poll.

kernel.org https://git.kernel.org/stable/c/18010ff776fa42340efc428b3ea6d19b3e7c7b21 [No types assigned]

kernel.org https://git.kernel.org/stable/c/6740d8572ccd1bca50d8a1ca2bedc333f50ed5f3 [No types assigned]

kernel.org https://git.kernel.org/stable/c/fe50a9bbeb1f042e756c5cfa7708112c944368de [No types assigned]