CVE-2022-49542

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49542
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49542.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49542
Downstream
Related
Published
2025-02-26T02:13:56.961Z
Modified
2025-12-23T20:50:14.795519Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg()
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Move cfglogverbose check before calling lpfcdmpdbg()

In an attempt to log message 0126 with LOGTRACEEVENT, the following hard lockup call trace hangs the system.

Call Trace: rawspinlockirqsave+0x32/0x40 lpfcdmpdbg.part.32+0x28/0x220 [lpfc] lpfccmplelsfdisc+0x145/0x460 [lpfc] lpfcslicanceljobs+0x92/0xd0 [lpfc] lpfcelsflushcmd+0x43c/0x670 [lpfc] lpfcelsflushallcmd+0x37/0x60 [lpfc] lpfcsli4asynceventproc+0x956/0x1720 [lpfc] lpfcdowork+0x1485/0x1d70 [lpfc] kthread+0x112/0x130 retfrom_fork+0x1f/0x40 Kernel panic - not syncing: Hard LOCKUP

The same CPU tries to claim the phba->portlistlock twice.

Move the cfglogverbose checks as part of the lpfcprintfvlog() and lpfcprintflog() macros before calling lpfcdmpdbg(). There is no need to take the phba->portlistlock within lpfcdmpdbg().

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49542.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0b3ad32e26460affc9d4b2f9c32d7c228e8b0cfb
Fixed
271725e4028559ae7974d762a8467dc9de412f2e
Fixed
cc6501afccec55b8b6c90584cbf71f1fefa77d1e
Fixed
09c772557a4fd9490fed1bfb133268313ea22213
Fixed
e294647b1aed4247fe52851f3a3b2b19ae906228

Affected versions

v5.*

v5.11
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.17.10
v5.17.11
v5.17.12
v5.17.13
v5.17.2
v5.17.3
v5.17.4
v5.17.5
v5.17.6
v5.17.7
v5.17.8
v5.17.9
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49542.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.12.0
Fixed
5.15.46
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.17.14
Type
ECOSYSTEM
Events
Introduced
5.18.0
Fixed
5.18.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49542.json"