In the Linux kernel, the following vulnerability has been resolved:
ice: Fix memory corruption in VF driver
Disable the VF's RX/TX queues when it is disabled. A VF can have queues enabled when it requests a reset. If the PF driver assumes that the VF is disabled while the VF still has queues configured, the VF may unmap DMA resources. In such a scenario the device can still map packets to memory, which ends up silently corrupting it. Previously, the VF driver could experience memory corruption, which led to a crash:

[ 5119.170157] BUG: unable to handle kernel paging request at 00001b9780003237
[ 5119.170166] PGD 0 P4D 0
[ 5119.170173] Oops: 0002 [#1] PREEMPT_RT SMP PTI
[ 5119.170181] CPU: 30 PID: 427592 Comm: kworker/u96:2 Kdump: loaded Tainted: G W I --------- - - 4.18.0-372.9.1.rt7.166.el8.x86_64 #1
[ 5119.170189] Hardware name: Dell Inc. PowerEdge R740/014X06, BIOS 2.3.10 08/15/2019
[ 5119.170193] Workqueue: iavf iavf_adminq_task [iavf]
[ 5119.170219] RIP: 0010:__page_frag_cache_drain+0x5/0x30
[ 5119.170238] Code: 0f 0f b6 77 51 85 f6 74 07 31 d2 e9 05 df ff ff e9 90 fe ff ff 48 8b 05 49 db 33 01 eb b4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 <f0> 29 77 34 74 01 c3 48 8b 07 f6 c4 80 74 0f 0f b6 77 51 85 f6 74
[ 5119.170244] RSP: 0018:ffffa43b0bdcfd78 EFLAGS: 00010282
[ 5119.170250] RAX: ffffffff896b3e40 RBX: ffff8fb282524000 RCX: 0000000000000002
[ 5119.170254] RDX: 0000000049000000 RSI: 0000000000000000 RDI: 00001b9780003203
[ 5119.170259] RBP: ffff8fb248217b00 R08: 0000000000000022 R09: 0000000000000009
[ 5119.170262] R10: 2b849d6300000000 R11: 0000000000000020 R12: 0000000000000000
[ 5119.170265] R13: 0000000000001000 R14: 0000000000000009 R15: 0000000000000000
[ 5119.170269] FS: 0000000000000000(0000) GS:ffff8fb1201c0000(0000) knlGS:0000000000000000
[ 5119.170274] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5119.170279] CR2: 00001b9780003237 CR3: 00000008f3e1a003 CR4: 00000000007726e0
[ 5119.170283] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 5119.170286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 5119.170290] PKRU: 55555554
[ 5119.170292] Call Trace:
[ 5119.170298] iavf_clean_rx_ring+0xad/0x110 [iavf]
[ 5119.170324] iavf_free_rx_resources+0xe/0x50 [iavf]
[ 5119.170342] iavf_free_all_rx_resources.part.51+0x30/0x40 [iavf]
[ 5119.170358] iavf_virtchnl_completion+0xd8a/0x15b0 [iavf]
[ 5119.170377] ? iavf_clean_arq_element+0x210/0x280 [iavf]
[ 5119.170397] iavf_adminq_task+0x126/0x2e0 [iavf]
[ 5119.170416] process_one_work+0x18f/0x420
[ 5119.170429] worker_thread+0x30/0x370
[ 5119.170437] ? process_one_work+0x420/0x420
[ 5119.170445] kthread+0x151/0x170
[ 5119.170452] ? set_kthread_struct+0x40/0x40
[ 5119.170460] ret_from_fork+0x35/0x40
[ 5119.170477] Modules linked in: iavf sctp ip6_udp_tunnel udp_tunnel mlx4_en mlx4_core nfp tls vhost_net vhost vhost_iotlb tap tun xt_CHECKSUM ipt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables nfnetlink bridge stp llc rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache sunrpc intel_rapl_msr iTCO_wdt iTCO_vendor_support dell_smbios wmi_bmof dell_wmi_descriptor dcdbas kvm_intel kvm irqbypass intel_rapl_common isst_if_common skx_edac irdma nfit libnvdimm x86_pkg_temp_thermal i40e intel_powerclamp coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel ib_uverbs rapl ipmi_ssif intel_cstate intel_uncore mei_me pcspkr acpi_ipmi ib_core mei lpc_ich i2c_i801 ipmi_si ipmi_devintf wmi ipmi_msghandler acpi_power_meter xfs libcrc32c sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ice ahci drm libahci crc32c_intel libata tg3 megaraid_sas
[ 5119.170613] i2c_algo_bit dm_mirror dm_region_hash dm_log dm_mod fuse [last unloaded: iavf]
[ 5119.170627] CR2: 00001b9780003237
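
For triage of collected kernel logs, the crash signature in the trace above (a paging fault under iavf RX ring cleanup, reached from the iavf admin queue task) can be matched mechanically. The following is an added example, not code from the kernel commit or this advisory; the function names parse_oops and matches_vf_rx_teardown are hypothetical, and the sample is an excerpt of the trace on this page with kernel symbol names written with their underscores.

```python
import re

# Excerpt of the oops on this page, embedded as sample input for the example.
SAMPLE = """\
[ 5119.170157] BUG: unable to handle kernel paging request at 00001b9780003237
[ 5119.170193] Workqueue: iavf iavf_adminq_task [iavf]
[ 5119.170219] RIP: 0010:__page_frag_cache_drain+0x5/0x30
[ 5119.170292] Call Trace:
[ 5119.170298] iavf_clean_rx_ring+0xad/0x110 [iavf]
[ 5119.170324] iavf_free_rx_resources+0xe/0x50 [iavf]
[ 5119.170358] iavf_virtchnl_completion+0xd8a/0x15b0 [iavf]
[ 5119.170377] ? iavf_clean_arq_element+0x210/0x280 [iavf]
[ 5119.170397] iavf_adminq_task+0x126/0x2e0 [iavf]
[ 5119.170416] process_one_work+0x18f/0x420
[ 5119.170477] Modules linked in: iavf sctp
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")
FRAME = re.compile(r"^(\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?$")

def parse_oops(text):
    """Return fault address, RIP symbol and reliable call-trace frames of one oops."""
    info = {"fault": None, "rip": None, "frames": []}
    in_trace = False
    for raw in text.splitlines():
        line = STAMP.sub("", raw).strip()
        if m := re.match(r"BUG: unable to handle kernel paging request at ([0-9a-f]+)", line):
            info["fault"] = m.group(1)
        elif m := re.match(r"RIP: \w+:([\w.]+)\+", line):
            info["rip"] = m.group(1)
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace:
            m = FRAME.match(line)
            if not m:
                in_trace = False      # the trace ends at the first non-frame line
            elif not m.group(1):      # skip '?' frames (unreliable stack entries)
                info["frames"].append((m.group(2), m.group(3)))
    return info

def matches_vf_rx_teardown(info):
    """True when the fault sits under iavf RX ring cleanup, as in the trace on this page."""
    iavf_syms = [sym for sym, mod in info["frames"] if mod == "iavf"]
    return (info["fault"] is not None
            and "iavf_clean_rx_ring" in iavf_syms
            and "iavf_adminq_task" in iavf_syms)
```

A match is a triage hint that a host should be checked against the fixed kernel, not proof of this specific bug, since other faults can surface in the same cleanup path.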