CVE-2022-48658: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context.

Commit 5a836bf6b09f ("mm: slub: move flush_cpu_slab() invocations __free_slab() invocations out of IRQ context") moved all flush_cpu_slab() invocations to the global workqueue to avoid a problem related with deactivate_slab()/__free_slab() being called from an IRQ context on PREEMPT_RT kernels.

When the flush_all_cpu_locked() function is called from a task context it may happen that a workqueue with WQ_MEM_RECLAIM bit set ends up flushing the global workqueue, this will cause a dependency issue.

    workqueue: WQ_MEM_RECLAIM nvme-delete-wq:nvme_delete_ctrl_work [nvme_core] is flushing !WQ_MEM_RECLAIM events:flush_cpu_slab
    WARNING: CPU: 37 PID: 410 at kernel/workqueue.c:2637 check_flush_dependency+0x10a/0x120
    Workqueue: nvme-delete-wq nvme_delete_ctrl_work [nvme_core]
    RIP: 0010:check_flush_dependency+0x10a/0x120[ 453.262125]
    Call Trace:
    __flush_work.isra.0+0xbf/0x220
    ? __queue_work+0x1dc/0x420
    flush_all_cpus_locked+0xfb/0x120
    __kmem_cache_shutdown+0x2b/0x320
    kmem_cache_destroy+0x49/0x100
    bioset_exit+0x143/0x190
    blk_release_queue+0xb9/0x100
    kobject_cleanup+0x37/0x130
    nvme_fc_ctrl_free+0xc6/0x150 [nvme_fc]
    nvme_free_ctrl+0x1ac/0x2b0 [nvme_core]

Fix this bug by creating a workqueue for the flush operation with the WQ_MEM_RECLAIM bit set.
AI Analysis
Technical Summary
CVE-2022-48658 is a flaw in the Linux kernel's memory management subsystem, in how the SLUB allocator flushes its per-CPU slab caches. It stems from the context in which flush_cpu_slab() and __free_slab() are invoked. An earlier commit (5a836bf6b09f) moved all flush_cpu_slab() invocations to the global workqueue so that deactivate_slab()/__free_slab() would no longer be called from interrupt request (IRQ) context on PREEMPT_RT (real-time) kernels.

However, when flush_all_cpus_locked() is called from task context, a work item running on a workqueue with the WQ_MEM_RECLAIM bit set can end up flushing the global workqueue, which creates a dependency issue. A WQ_MEM_RECLAIM workqueue is guaranteed to make forward progress under memory pressure and the global workqueue is not, so a reclaim-path work item that waits on global-workqueue work loses that guarantee; check_flush_dependency() warns about exactly this. The result is a kernel warning and potential instability or deadlock, as shown by the trace involving nvme_delete_ctrl_work and related NVMe core components. The root cause is that a workqueue intended for memory reclaim operations (WQ_MEM_RECLAIM) ends up flushing work that sits on a non-reclaim (!WQ_MEM_RECLAIM) workqueue, violating the expected workqueue dependencies.

The fix creates a dedicated workqueue for flush operations with the WQ_MEM_RECLAIM bit set, which removes the dependency conflict. The vulnerability affects Linux kernel versions containing the specified commit and impacts systems using the SLUB allocator and NVMe subsystems under certain workloads, particularly those with PREEMPT_RT patches. No known exploits are reported in the wild yet, but the issue can cause kernel warnings, potential deadlocks, or crashes under specific conditions.
Potential Impact
For European organizations, the impact of CVE-2022-48658 can be significant in environments relying on Linux servers, especially those running real-time kernels (PREEMPT_RT) or heavy NVMe storage workloads. The vulnerability can lead to kernel warnings, instability, or deadlocks, potentially causing service disruptions or downtime. This is particularly critical for industries requiring high availability and real-time processing, such as telecommunications, manufacturing automation, financial services, and cloud service providers. Organizations using Linux-based infrastructure for critical applications may experience degraded performance or unexpected reboots, impacting business continuity. Although no active exploits are known, the complexity of the bug and its presence in core kernel memory management and NVMe subsystems mean that attackers with local access or the ability to trigger specific workloads could potentially cause denial of service. Confidentiality and integrity impacts are minimal since this is primarily a stability and availability issue, but availability degradation can have cascading effects on dependent services and applications.
Mitigation Recommendations
To mitigate CVE-2022-48658, European organizations should:
1) Apply the official Linux kernel patches that address this issue as soon as they become available from trusted Linux distributions or kernel maintainers.
2) For systems running PREEMPT_RT kernels or using NVMe storage heavily, prioritize testing and deploying updated kernels in staging environments to verify stability before production rollout.
3) Monitor kernel logs for warnings related to flush_cpu_slab or workqueue dependency issues to detect potential exploitation or triggering of the vulnerability.
4) Limit local access to critical Linux systems to reduce the risk of an attacker triggering the vulnerability through crafted workloads.
5) Consider implementing kernel live patching solutions where available to reduce downtime during patch deployment.
6) Engage with Linux distribution vendors for backported fixes if upgrading the kernel version is not immediately feasible.
7) Review and harden system configurations to minimize unnecessary workload on memory reclaim workqueues, reducing the chance of triggering the bug.
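The log monitoring in recommendation 3, as an added example that is not part of the original advisory: a Python scanner that parses the check_flush_dependency() warning quoted in the description and flags the CVE-2022-48658 signature (a flush of events:flush_cpu_slab). The sample log is constructed from the quoted trace, and the names parse_flush_dependency and scan are illustrative.

```python
import re

# Message printed by check_flush_dependency() (kernel/workqueue.c), as quoted in
# the CVE description: "<workqueue>:<function> [module]" for flusher and target.
# Assumption: workqueue names contain no spaces or colons.
FLUSH_DEP = re.compile(
    r"workqueue: WQ_MEM_RECLAIM (?P<src_wq>[^:\s]+):(?P<src_fn>\S+)"
    r"(?: \[(?P<src_mod>[^\]]+)\])?"
    r" is flushing !WQ_MEM_RECLAIM (?P<dst_wq>[^:\s]+):(?P<dst_fn>\S+)"
)

# Constructed sample input: the two warning lines from the description with
# made-up timestamps, surrounded by unrelated constructed lines.
SAMPLE_DMESG = """\
[  453.262100] nvme nvme0: constructed unrelated line
[  453.262110] workqueue: WQ_MEM_RECLAIM nvme-delete-wq:nvme_delete_ctrl_work [nvme_core] is flushing !WQ_MEM_RECLAIM events:flush_cpu_slab
[  453.262120] WARNING: CPU: 37 PID: 410 at kernel/workqueue.c:2637 check_flush_dependency+0x10a/0x120
[  453.262130] EXT4-fs (sda1): mounted filesystem
"""


def parse_flush_dependency(line):
    """Return the fields of one flush-dependency warning, or None."""
    m = FLUSH_DEP.search(line)
    if m is None:
        return None
    hit = m.groupdict()
    # CVE-2022-48658 signature: the flushed work is SLUB's flush_cpu_slab
    # queued on the global "events" workqueue.
    hit["cve_2022_48658"] = (hit["dst_wq"], hit["dst_fn"]) == ("events", "flush_cpu_slab")
    return hit


def scan(log_text):
    """Collect every workqueue flush-dependency warning in a kernel log."""
    hits = []
    for line in log_text.splitlines():
        hit = parse_flush_dependency(line)
        if hit:
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_DMESG):
        tag = "CVE-2022-48658 signature" if hit["cve_2022_48658"] else "other flush dependency"
        print(f'{tag}: {hit["src_wq"]}:{hit["src_fn"]} -> {hit["dst_wq"]}:{hit["dst_fn"]}')
```

check_flush_dependency() raises this warning with WARN_ONCE, so expect at most one hit per boot and scan the whole boot log rather than a recent window.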
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-25T13:44:28.317Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe5de9
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 6:26:10 PM
Last updated: 8/18/2025, 11:25:34 PM