
CVE-2022-48653: Vulnerability in Linux Linux

High
Published: Sun Apr 28 2024 (04/28/2024, 13:00:52 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

ice: Don't double unplug aux on peer initiated reset

In the IDC callback that is accessed when the aux drivers request a reset, the function to unplug the aux devices is called. This function is also called in the ice_prepare_for_reset function. This double call is causing a "scheduling while atomic" BUG.

[ 662.676430] ice 0000:4c:00.0 rocep76s0: cqp opcode = 0x1 maj_err_code = 0xffff min_err_code = 0x8003
[ 662.676609] ice 0000:4c:00.0 rocep76s0: [Modify QP Cmd Error][op_code=8] status=-29 waiting=1 completion_err=1 maj=0xffff min=0x8003
[ 662.815006] ice 0000:4c:00.0 rocep76s0: ICE OICR event notification: oicr = 0x10000003
[ 662.815014] ice 0000:4c:00.0 rocep76s0: critical PE Error, GLPE_CRITERR=0x00011424
[ 662.815017] ice 0000:4c:00.0 rocep76s0: Requesting a reset
[ 662.815475] BUG: scheduling while atomic: swapper/37/0/0x00010002
[ 662.815475] BUG: scheduling while atomic: swapper/37/0/0x00010002
[ 662.815477] Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs rfkill 8021q garp mrp stp llc vfat fat rpcrdma intel_rapl_msr intel_rapl_common sunrpc i10nm_edac rdma_ucm nfit ib_srpt libnvdimm ib_isert iscsi_target_mod x86_pkg_temp_thermal intel_powerclamp coretemp target_core_mod snd_hda_intel ib_iser snd_intel_dspcfg libiscsi snd_intel_sdw_acpi scsi_transport_iscsi kvm_intel iTCO_wdt rdma_cm snd_hda_codec kvm iw_cm ipmi_ssif iTCO_vendor_support snd_hda_core irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hwdep snd_seq snd_seq_device rapl snd_pcm snd_timer isst_if_mbox_pci pcspkr isst_if_mmio irdma intel_uncore idxd acpi_ipmi joydev isst_if_common snd mei_me idxd_bus ipmi_si soundcore i2c_i801 mei ipmi_devintf i2c_smbus i2c_ismt ipmi_msghandler acpi_power_meter acpi_pad rv(OE) ib_uverbs ib_cm ib_core xfs libcrc32c ast i2c_algo_bit drm_vram_helper drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm_ttm_helper ttm
[ 662.815546] nvme nvme_core ice drm crc32c_intel i40e t10_pi wmi pinctrl_emmitsburg dm_mirror dm_region_hash dm_log dm_mod fuse
[ 662.815557] Preemption disabled at:
[ 662.815558] [<0000000000000000>] 0x0
[ 662.815563] CPU: 37 PID: 0 Comm: swapper/37 Kdump: loaded Tainted: G S OE 5.17.1 #2
[ 662.815566] Hardware name: Intel Corporation D50DNP/D50DNP, BIOS SE5C6301.86B.6624.D18.2111021741 11/02/2021
[ 662.815568] Call Trace:
[ 662.815572] <IRQ>
[ 662.815574] dump_stack_lvl+0x33/0x42
[ 662.815581] __schedule_bug.cold.147+0x7d/0x8a
[ 662.815588] __schedule+0x798/0x990
[ 662.815595] schedule+0x44/0xc0
[ 662.815597] schedule_preempt_disabled+0x14/0x20
[ 662.815600] __mutex_lock.isra.11+0x46c/0x490
[ 662.815603] ? __ibdev_printk+0x76/0xc0 [ib_core]
[ 662.815633] device_del+0x37/0x3d0
[ 662.815639] ice_unplug_aux_dev+0x1a/0x40 [ice]
[ 662.815674] ice_schedule_reset+0x3c/0xd0 [ice]
[ 662.815693] irdma_iidc_event_handler.cold.7+0xb6/0xd3 [irdma]
[ 662.815712] ? bitmap_find_next_zero_area_off+0x45/0xa0
[ 662.815719] ice_send_event_to_aux+0x54/0x70 [ice]
[ 662.815741] ice_misc_intr+0x21d/0x2d0 [ice]
[ 662.815756] __handle_irq_event_percpu+0x4c/0x180
[ 662.815762] handle_irq_event_percpu+0xf/0x40
[ 662.815764] handle_irq_event+0x34/0x60
[ 662.815766] handle_edge_irq+0x9a/0x1c0
[ 662.815770] __common_interrupt+0x62/0x100
[ 662.815774] common_interrupt+0xb4/0xd0
[ 662.815779] </IRQ>
[ 662.815780] <TASK>
[ 662.815780] asm_common_interrupt+0x1e/0x40
[ 662.815785] RIP: 0010:cpuidle_enter_state+0xd6/0x380
[ 662.815789] Code: 49 89 c4 0f 1f 44 00 00 31 ff e8 65 d7 95 ff 45 84 ff 74 12 9c 58 f6 c4 02 0f 85 64 02 00 00 31 ff e8 ae c5 9c ff fb 45 85 f6 <0f> 88 12 01 00 00 49 63 d6 4c 2b 24 24 48 8d 04 52 48 8d 04 82 49
[ 662.815791] RSP: 0018:ff2c2c4f18edbe80 EFLAGS: 00000202
[ 662.815793] RAX: ff280805df140000 RBX: 0000000000000002 RCX: 000000000000001f
[ 662.815795] RDX: 0000009a52da2d08 R
---truncated---

AI-Powered Analysis

Last updated: 06/30/2025, 18:14:00 UTC

Technical Analysis

CVE-2022-48653 is a vulnerability in the Linux kernel's 'ice' network driver, which manages Intel Ethernet devices. During a peer-initiated reset, the function that unplugs auxiliary (aux) devices is invoked twice: once in the IDC callback (triggered when aux drivers request a reset) and again in the ice_prepare_for_reset function. This double call leads to a "scheduling while atomic" bug, a critical kernel programming error in which the scheduler is invoked from an atomic context, where it is not allowed. This can cause kernel panics, system instability, or crashes.

The kernel logs included in the description show error messages from the ice driver, including a critical PE error and a reset request, followed by the BUG message indicating scheduling while atomic. The stack trace points to the ice_unplug_aux_dev function and related reset scheduling functions as the root cause. Inside the <IRQ> section, ice_misc_intr calls ice_send_event_to_aux, which reaches irdma_iidc_event_handler, ice_schedule_reset and ice_unplug_aux_dev; device_del then takes a mutex (__mutex_lock) and ends up in schedule.

This vulnerability affects Linux kernel versions containing the specified commit hashes and is tied to Intel Ethernet hardware managed by the ice driver. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability is technical and low-level, impacting kernel stability and potentially causing denial of service (DoS) conditions due to system crashes or hangs when the bug is triggered during device resets.

Potential Impact

For European organizations, the impact of CVE-2022-48653 primarily concerns systems running Linux kernels with the affected ice driver managing Intel Ethernet devices. Such systems are common in enterprise servers, data centers, and network infrastructure. The vulnerability can lead to kernel panics and system crashes, resulting in denial of service. This can disrupt critical business operations, especially in environments relying on high availability and network performance, such as financial institutions, telecommunications providers, cloud service operators, and government agencies. The instability may also complicate incident response and recovery efforts. While the vulnerability does not appear to allow privilege escalation or remote code execution directly, the resulting DoS can be exploited by attackers to degrade service or cause outages. Given the widespread use of Linux in European IT infrastructure and the prevalence of Intel network hardware, the risk is significant for organizations with unpatched systems. However, the lack of known exploits reduces immediate threat levels, though the potential for future exploitation exists.

Mitigation Recommendations

To mitigate CVE-2022-48653, European organizations should:

1) Identify all Linux systems using the ice driver with affected kernel versions by auditing kernel versions and hardware inventory.
2) Apply the latest Linux kernel patches or updates that address this vulnerability as soon as they are available from trusted Linux distributions or the kernel mainline.
3) Where immediate patching is not feasible, consider temporarily disabling or unloading the ice driver if network redundancy allows, or isolate affected systems to reduce impact.
4) Monitor system logs for signs of the 'scheduling while atomic' bug or related kernel errors indicating attempts to trigger the vulnerability.
5) Implement robust system monitoring and alerting to detect unexpected reboots or kernel panics.
6) Engage with hardware and software vendors for guidance on firmware or driver updates that complement kernel patches.
7) Incorporate this vulnerability into vulnerability management and incident response plans to ensure rapid remediation and recovery.

These steps go beyond generic advice by focusing on driver-specific identification, patch prioritization, and operational monitoring tailored to the nature of this kernel-level bug.
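One way to implement the log check from recommendation 4, as an added example that is not part of the original advisory: it scans dmesg-style text for "scheduling while atomic" reports whose <IRQ> frames include ice_unplug_aux_dev and ice_schedule_reset, the path in the trace quoted in the description. The function name and the SAMPLE text are assumptions; the first report is excerpted from that trace and the second is constructed as an unrelated report that must not match.

```python
import re

# Frames from the advisory's call trace that identify this specific bug.
SIGNATURE = ("ice_unplug_aux_dev", "ice_schedule_reset")
BUG = "BUG: scheduling while atomic"
LINE = re.compile(r"\[\s*(?P<ts>\d+\.\d+)\]\s?(?P<msg>.*)$")
# Reliable frames only: lines starting with "? " are guesses and do not match.
FRAME = re.compile(r"^(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

# Constructed sample: excerpt of the advisory's trace plus an unrelated report.
SAMPLE = """\
[ 662.815475] BUG: scheduling while atomic: swapper/37/0/0x00010002
[ 662.815475] BUG: scheduling while atomic: swapper/37/0/0x00010002
[ 662.815568] Call Trace:
[ 662.815572] <IRQ>
[ 662.815600] __mutex_lock.isra.11+0x46c/0x490
[ 662.815603] ? __ibdev_printk+0x76/0xc0 [ib_core]
[ 662.815633] device_del+0x37/0x3d0
[ 662.815639] ice_unplug_aux_dev+0x1a/0x40 [ice]
[ 662.815674] ice_schedule_reset+0x3c/0xd0 [ice]
[ 662.815693] irdma_iidc_event_handler.cold.7+0xb6/0xd3 [irdma]
[ 662.815741] ice_misc_intr+0x21d/0x2d0 [ice]
[ 662.815779] </IRQ>
[ 900.000001] BUG: scheduling while atomic: kworker/3:1/412/0x00000002
[ 900.000003] <IRQ>
[ 900.000004] example_driver_irq+0x10/0x20 [example]
[ 900.000005] </IRQ>
"""


def find_cve_2022_48653(log_text):
    """Return the BUG reports whose IRQ-context frames contain the ice aux-unplug path."""
    hits, current, in_irq = [], None, False
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        ts, msg = m.group("ts"), m.group("msg").strip()
        if msg.startswith(BUG):
            # The BUG line can be printed twice; same timestamp means same report.
            if current is None or current["ts"] != ts:
                current = {"ts": ts, "task": msg[len(BUG):].strip(": "), "irq_frames": []}
                hits.append(current)
            in_irq = False
        elif msg in ("<IRQ>", "</IRQ>"):
            in_irq = msg == "<IRQ>"
        elif current is not None and in_irq and (f := FRAME.match(msg)):
            current["irq_frames"].append(f.group("sym"))
    return [h for h in hits if all(s in h["irq_frames"] for s in SIGNATURE)]
```

Feed it the output of `dmesg` or a saved kernel log; matching on the two ice frames rather than on the BUG line alone keeps unrelated "scheduling while atomic" reports out of the alert.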


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-25T13:44:28.317Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982ec4522896dcbe5db7

Added to database: 5/21/2025, 9:09:02 AM

Last enriched: 6/30/2025, 6:14:00 PM

Last updated: 8/1/2025, 7:18:09 PM
