CVE-2022-49759

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49759
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49759.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49759
Published
2025-03-27T17:15:41Z
Modified
2025-04-15T14:51:51Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

VMCI: Use threaded irqs instead of tasklets

The vmci_dispatch_dgs() tasklet function calls vmci_read_data() which uses wait_event() resulting in invalid sleep in an atomic context (and therefore potentially in a deadlock).

Use threaded irqs to fix this issue and completely remove usage of tasklets.

[ 20.264639] BUG: sleeping function called from invalid context at drivers/misc/vmw_vmci/vmci_guest.c:145
[ 20.264643] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 762, name: vmtoolsd
[ 20.264645] preempt_count: 101, expected: 0
[ 20.264646] RCU nest depth: 0, expected: 0
[ 20.264647] 1 lock held by vmtoolsd/762:
[ 20.264648] #0: ffff0000874ae440 (sk_lock-AF_VSOCK){+.+.}-{0:0}, at: vsock_connect+0x60/0x330 [vsock]
[ 20.264658] Preemption disabled at:
[ 20.264659] [<ffff80000151d7d8>] vmci_send_datagram+0x44/0xa0 [vmw_vmci]
[ 20.264665] CPU: 0 PID: 762 Comm: vmtoolsd Not tainted 5.19.0-0.rc8.20220727git39c3c396f813.60.fc37.aarch64 #1
[ 20.264667] Hardware name: VMware, Inc. VBSA/VBSA, BIOS VEFI 12/31/2020
[ 20.264668] Call trace:
[ 20.264669] dump_backtrace+0xc4/0x130
[ 20.264672] show_stack+0x24/0x80
[ 20.264673] dump_stack_lvl+0x88/0xb4
[ 20.264676] dump_stack+0x18/0x34
[ 20.264677] __might_resched+0x1a0/0x280
[ 20.264679] __might_sleep+0x58/0x90
[ 20.264681] vmci_read_data+0x74/0x120 [vmw_vmci]
[ 20.264683] vmci_dispatch_dgs+0x64/0x204 [vmw_vmci]
[ 20.264686] tasklet_action_common.constprop.0+0x13c/0x150
[ 20.264688] tasklet_action+0x40/0x50
[ 20.264689] __do_softirq+0x23c/0x6b4
[ 20.264690] __irq_exit_rcu+0x104/0x214
[ 20.264691] irq_exit_rcu+0x1c/0x50
[ 20.264693] el1_interrupt+0x38/0x6c
[ 20.264695] el1h_64_irq_handler+0x18/0x24
[ 20.264696] el1h_64_irq+0x68/0x6c
[ 20.264697] preempt_count_sub+0xa4/0xe0
[ 20.264698] _raw_spin_unlock_irqrestore+0x64/0xb0
[ 20.264701] vmci_send_datagram+0x7c/0xa0 [vmw_vmci]
[ 20.264703] vmci_datagram_dispatch+0x84/0x100 [vmw_vmci]
[ 20.264706] vmci_datagram_send+0x2c/0x40 [vmw_vmci]
[ 20.264709] vmci_transport_send_control_pkt+0xb8/0x120 [vmw_vsock_vmci_transport]
[ 20.264711] vmci_transport_connect+0x40/0x7c [vmw_vsock_vmci_transport]
[ 20.264713] vsock_connect+0x278/0x330 [vsock]
[ 20.264715] __sys_connect_file+0x8c/0xc0
[ 20.264718] __sys_connect+0x84/0xb4
[ 20.264720] __arm64_sys_connect+0x2c/0x3c
[ 20.264721] invoke_syscall+0x78/0x100
[ 20.264723] el0_svc_common.constprop.0+0x68/0x124
[ 20.264724] do_el0_svc+0x38/0x4c
[ 20.264725] el0_svc+0x60/0x180
[ 20.264726] el0t_64_sync_handler+0x11c/0x150
[ 20.264728] el0t_64_sync+0x190/0x194

Affected packages

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}