In the Linux kernel, the following vulnerability has been resolved:
VMCI: Use threaded irqs instead of tasklets
The vmci_dispatch_dgs() tasklet function calls vmci_read_data(), which uses wait_event(), resulting in an invalid sleep in an atomic context (and therefore potentially in a deadlock).
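Use threaded irqs to fix this issue and completely remove usage of tasklets. A threaded irq handler runs in process context, where sleeping in wait_event() is permitted, whereas a tasklet runs in softirq context, where it is not.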
[ 20.264639] BUG: sleeping function called from invalid context at drivers/misc/vmw_vmci/vmci_guest.c:145
[ 20.264643] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 762, name: vmtoolsd
[ 20.264645] preempt_count: 101, expected: 0
[ 20.264646] RCU nest depth: 0, expected: 0
[ 20.264647] 1 lock held by vmtoolsd/762:
[ 20.264648] #0: ffff0000874ae440 (sk_lock-AF_VSOCK){+.+.}-{0:0}, at: vsock_connect+0x60/0x330 [vsock]
[ 20.264658] Preemption disabled at:
[ 20.264659] [<ffff80000151d7d8>] vmci_send_datagram+0x44/0xa0 [vmw_vmci]
[ 20.264665] CPU: 0 PID: 762 Comm: vmtoolsd Not tainted 5.19.0-0.rc8.20220727git39c3c396f813.60.fc37.aarch64 #1
[ 20.264667] Hardware name: VMware, Inc. VBSA/VBSA, BIOS VEFI 12/31/2020
[ 20.264668] Call trace:
[ 20.264669] dump_backtrace+0xc4/0x130
[ 20.264672] show_stack+0x24/0x80
[ 20.264673] dump_stack_lvl+0x88/0xb4
[ 20.264676] dump_stack+0x18/0x34
[ 20.264677] __might_resched+0x1a0/0x280
[ 20.264679] __might_sleep+0x58/0x90
[ 20.264681] vmci_read_data+0x74/0x120 [vmw_vmci]
[ 20.264683] vmci_dispatch_dgs+0x64/0x204 [vmw_vmci]
[ 20.264686] tasklet_action_common.constprop.0+0x13c/0x150
[ 20.264688] tasklet_action+0x40/0x50
[ 20.264689] __do_softirq+0x23c/0x6b4
[ 20.264690] __irq_exit_rcu+0x104/0x214
[ 20.264691] irq_exit_rcu+0x1c/0x50
[ 20.264693] el1_interrupt+0x38/0x6c
[ 20.264695] el1h_64_irq_handler+0x18/0x24
[ 20.264696] el1h_64_irq+0x68/0x6c
[ 20.264697] preempt_count_sub+0xa4/0xe0
[ 20.264698] _raw_spin_unlock_irqrestore+0x64/0xb0
[ 20.264701] vmci_send_datagram+0x7c/0xa0 [vmw_vmci]
[ 20.264703] vmci_datagram_dispatch+0x84/0x100 [vmw_vmci]
[ 20.264706] vmci_datagram_send+0x2c/0x40 [vmw_vmci]
[ 20.264709] vmci_transport_send_control_pkt+0xb8/0x120 [vmw_vsock_vmci_transport]
[ 20.264711] vmci_transport_connect+0x40/0x7c [vmw_vsock_vmci_transport]
[ 20.264713] vsock_connect+0x278/0x330 [vsock]
[ 20.264715] __sys_connect_file+0x8c/0xc0
[ 20.264718] __sys_connect+0x84/0xb4
[ 20.264720] __arm64_sys_connect+0x2c/0x3c
[ 20.264721] invoke_syscall+0x78/0x100
[ 20.264723] el0_svc_common.constprop.0+0x68/0x124
[ 20.264724] do_el0_svc+0x38/0x4c
[ 20.264725] el0_svc+0x60/0x180
[ 20.264726] el0t_64_sync_handler+0x11c/0x150
[ 20.264728] el0t_64_sync+0x190/0x194
[
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3daed6345d5880464f46adab871d208e1baa2f3a",
"digest": {
"threshold": 0.9,
"line_hashes": [
"129006848588873946545775217720927998594",
"170353636537265691028068547785325021458",
"122570949293802103285661612731051309327",
"250330262322911838454993903988158468455",
"287231742027316596891716440018079628916",
"304624728358338602878679758958255678974",
"74011107441693804179684174059888651734",
"214161619774923074910405112366020464577",
"298884939132920686082232023659666358398",
"203191899110999389610035272736928953079",
"255492467994992620313215492349350984683",
"176352873514904705758888367636419083513",
"161362545176682633764707391049334255685",
"34539576356578111631265140402742418651",
"124824046959138185452843275842942786722",
"18349317253214186237850771487455252058",
"105314477356710730745504755946781220383",
"19150345494671173076560344133319475314",
"111311672016844462201634201310867038061",
"192262278191216854557281727592346470069",
"308103630531398739783781635451549275120",
"236703691309039707268391915800343332624",
"324555833673313954349744250372023406969",
"277237305103812251238262352980032948074",
"128153415338855549742203374490604906234",
"195796790371531936869477127695461692213",
"224021506517196869773503137090946677441",
"143109071733289330119257080657452111668",
"283701510215832110275710813161310645977",
"334968713862910396671050867043239779861",
"928815694438331259380397860264263398",
"296899826211529951554774974339985384291",
"59463680474886415358605709736360741242",
"27290376475773840913445021501154109004",
"115281550556813845862626244773439151868",
"122529047872875754396084825547068256750",
"285641226766313932143904038726390267744",
"146671583563995733900409881729626590191",
"7183384209856176089322285238687464305",
"223621697279945417357314350485910002686",
"329669638680069757040779883084617905855",
"51029236515069834904432517333256798096",
"317194309439837152817205161890608743617",
"331970645622774041132617541942763870482",
"284673234717339254190597820580963257541",
"294198338013621213175277976924273193830",
"195069176117812469764186885744225200616",
"260290376123089445472942326262147214824",
"232619425762879010185201957436574133615",
"275710637657808320681501240131191025338",
"246599719115534752641555148287280099756",
"283692785362803483933756473348950917273",
"272392840564633724161819907208526312804",
"24161343948459749754960237813709692876",
"151530161590642847076019891575826291697",
"276483950358412742572724750374019558031",
"265257636795116673433475712023583569012",
"149775604226431833004362766988639616762",
"269513977352243803728060160814136194738",
"55007397458897377881717769526475193939",
"130457349588467385695487991422369545506",
"60440239822932817537491456145765701484",
"65353045593309116658902313436640961347",
"30575017864653378052089459724185474092",
"102092378041260749595397826060602668078",
"194981792682372699972875924689730848565",
"105427117975706991311614909280970963489",
"151525481655929893091865296289391175333"
]
},
"target": {
"file": "drivers/misc/vmw_vmci/vmci_guest.c"
},
"id": "CVE-2022-49759-10875195",
"signature_version": "v1",
"signature_type": "Line"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@548ea9dd5e01b0ecf53d2563004c80abd636743d",
"digest": {
"function_hash": "160094856261820861466704988869933459218",
"length": 701.0
},
"target": {
"function": "vmci_interrupt",
"file": "drivers/misc/vmw_vmci/vmci_guest.c"
},
"id": "CVE-2022-49759-2e26dafc",
"signature_version": "v1",
"signature_type": "Function"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3daed6345d5880464f46adab871d208e1baa2f3a",
"digest": {
"function_hash": "140470265638212655571268464158444587772",
"length": 1724.0
},
"target": {
"function": "vmci_dispatch_dgs",
"file": "drivers/misc/vmw_vmci/vmci_guest.c"
},
"id": "CVE-2022-49759-3efcd13b",
"signature_version": "v1",
"signature_type": "Function"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3daed6345d5880464f46adab871d208e1baa2f3a",
"digest": {
"function_hash": "317059848856555322009552945921680573763",
"length": 135.0
},
"target": {
"function": "vmci_interrupt_bm",
"file": "drivers/misc/vmw_vmci/vmci_guest.c"
},
"id": "CVE-2022-49759-5b420066",
"signature_version": "v1",
"signature_type": "Function"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3daed6345d5880464f46adab871d208e1baa2f3a",
"digest": {
"function_hash": "160094856261820861466704988869933459218",
"length": 701.0
},
"target": {
"function": "vmci_interrupt",
"file": "drivers/misc/vmw_vmci/vmci_guest.c"
},
"id": "CVE-2022-49759-5fc5dfe0",
"signature_version": "v1",
"signature_type": "Function"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3daed6345d5880464f46adab871d208e1baa2f3a",
"digest": {
"function_hash": "294324108436899292487178335394675300031",
"length": 1175.0
},
"target": {
"function": "vmci_guest_remove_device",
"file": "drivers/misc/vmw_vmci/vmci_guest.c"
},
"id": "CVE-2022-49759-6410d1c8",
"signature_version": "v1",
"signature_type": "Function"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@548ea9dd5e01b0ecf53d2563004c80abd636743d",
"digest": {
"function_hash": "294324108436899292487178335394675300031",
"length": 1175.0
},
"target": {
"function": "vmci_guest_remove_device",
"file": "drivers/misc/vmw_vmci/vmci_guest.c"
},
"id": "CVE-2022-49759-6eb8d550",
"signature_version": "v1",
"signature_type": "Function"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@548ea9dd5e01b0ecf53d2563004c80abd636743d",
"digest": {
"function_hash": "140470265638212655571268464158444587772",
"length": 1724.0
},
"target": {
"function": "vmci_dispatch_dgs",
"file": "drivers/misc/vmw_vmci/vmci_guest.c"
},
"id": "CVE-2022-49759-a91fd38f",
"signature_version": "v1",
"signature_type": "Function"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3daed6345d5880464f46adab871d208e1baa2f3a",
"digest": {
"function_hash": "6817299620717689873116875879852108765",
"length": 242.0
},
"target": {
"function": "vmci_process_bitmap",
"file": "drivers/misc/vmw_vmci/vmci_guest.c"
},
"id": "CVE-2022-49759-d2f09851",
"signature_version": "v1",
"signature_type": "Function"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@548ea9dd5e01b0ecf53d2563004c80abd636743d",
"digest": {
"function_hash": "317059848856555322009552945921680573763",
"length": 135.0
},
"target": {
"function": "vmci_interrupt_bm",
"file": "drivers/misc/vmw_vmci/vmci_guest.c"
},
"id": "CVE-2022-49759-d72acf54",
"signature_version": "v1",
"signature_type": "Function"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@548ea9dd5e01b0ecf53d2563004c80abd636743d",
"digest": {
"function_hash": "6817299620717689873116875879852108765",
"length": 242.0
},
"target": {
"function": "vmci_process_bitmap",
"file": "drivers/misc/vmw_vmci/vmci_guest.c"
},
"id": "CVE-2022-49759-e29080da",
"signature_version": "v1",
"signature_type": "Function"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3daed6345d5880464f46adab871d208e1baa2f3a",
"digest": {
"function_hash": "129259727056293484664586006831763153026",
"length": 6631.0
},
"target": {
"function": "vmci_guest_probe_device",
"file": "drivers/misc/vmw_vmci/vmci_guest.c"
},
"id": "CVE-2022-49759-e420d90f",
"signature_version": "v1",
"signature_type": "Function"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@548ea9dd5e01b0ecf53d2563004c80abd636743d",
"digest": {
"function_hash": "129259727056293484664586006831763153026",
"length": 6631.0
},
"target": {
"function": "vmci_guest_probe_device",
"file": "drivers/misc/vmw_vmci/vmci_guest.c"
},
"id": "CVE-2022-49759-e4f8e6ba",
"signature_version": "v1",
"signature_type": "Function"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@548ea9dd5e01b0ecf53d2563004c80abd636743d",
"digest": {
"threshold": 0.9,
"line_hashes": [
"129006848588873946545775217720927998594",
"170353636537265691028068547785325021458",
"122570949293802103285661612731051309327",
"250330262322911838454993903988158468455",
"287231742027316596891716440018079628916",
"304624728358338602878679758958255678974",
"74011107441693804179684174059888651734",
"214161619774923074910405112366020464577",
"298884939132920686082232023659666358398",
"203191899110999389610035272736928953079",
"255492467994992620313215492349350984683",
"176352873514904705758888367636419083513",
"161362545176682633764707391049334255685",
"34539576356578111631265140402742418651",
"124824046959138185452843275842942786722",
"18349317253214186237850771487455252058",
"105314477356710730745504755946781220383",
"19150345494671173076560344133319475314",
"111311672016844462201634201310867038061",
"192262278191216854557281727592346470069",
"308103630531398739783781635451549275120",
"236703691309039707268391915800343332624",
"324555833673313954349744250372023406969",
"277237305103812251238262352980032948074",
"128153415338855549742203374490604906234",
"195796790371531936869477127695461692213",
"224021506517196869773503137090946677441",
"143109071733289330119257080657452111668",
"283701510215832110275710813161310645977",
"334968713862910396671050867043239779861",
"928815694438331259380397860264263398",
"296899826211529951554774974339985384291",
"59463680474886415358605709736360741242",
"27290376475773840913445021501154109004",
"115281550556813845862626244773439151868",
"122529047872875754396084825547068256750",
"285641226766313932143904038726390267744",
"146671583563995733900409881729626590191",
"7183384209856176089322285238687464305",
"223621697279945417357314350485910002686",
"329669638680069757040779883084617905855",
"51029236515069834904432517333256798096",
"317194309439837152817205161890608743617",
"331970645622774041132617541942763870482",
"284673234717339254190597820580963257541",
"294198338013621213175277976924273193830",
"195069176117812469764186885744225200616",
"260290376123089445472942326262147214824",
"232619425762879010185201957436574133615",
"275710637657808320681501240131191025338",
"246599719115534752641555148287280099756",
"283692785362803483933756473348950917273",
"272392840564633724161819907208526312804",
"24161343948459749754960237813709692876",
"151530161590642847076019891575826291697",
"276483950358412742572724750374019558031",
"265257636795116673433475712023583569012",
"149775604226431833004362766988639616762",
"269513977352243803728060160814136194738",
"55007397458897377881717769526475193939",
"130457349588467385695487991422369545506",
"60440239822932817537491456145765701484",
"65353045593309116658902313436640961347",
"30575017864653378052089459724185474092",
"102092378041260749595397826060602668078",
"194981792682372699972875924689730848565",
"105427117975706991311614909280970963489",
"151525481655929893091865296289391175333"
]
},
"target": {
"file": "drivers/misc/vmw_vmci/vmci_guest.c"
},
"id": "CVE-2022-49759-f5954690",
"signature_version": "v1",
"signature_type": "Line"
}
]