CVE-2022-48675: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:
IB/core: Fix a nested dead lock as part of ODP flow
Fix a nested dead lock as part of ODP flow by using mmput_async().
From the below call trace [1] can see that calling mmput() once we have the umem_odp->umem_mutex locked as required by ib_umem_odp_map_dma_and_lock() might trigger in the same task the exit_mmap()->__mmu_notifier_release()->mlx5_ib_invalidate_range() which may dead lock when trying to lock the same mutex.
Moving to use mmput_async() will solve the problem as the above exit_mmap() flow will be called in other task and will be executed once the lock will be available.
[1]
[64843.077665] task:kworker/u133:2 state:D stack: 0 pid:80906 ppid: 2 flags:0x00004000
[64843.077672] Workqueue: mlx5_ib_page_fault mlx5_ib_eqe_pf_action [mlx5_ib]
[64843.077719] Call Trace:
[64843.077722] <TASK>
[64843.077724] __schedule+0x23d/0x590
[64843.077729] schedule+0x4e/0xb0
[64843.077735] schedule_preempt_disabled+0xe/0x10
[64843.077740] __mutex_lock.constprop.0+0x263/0x490
[64843.077747] __mutex_lock_slowpath+0x13/0x20
[64843.077752] mutex_lock+0x34/0x40
[64843.077758] mlx5_ib_invalidate_range+0x48/0x270 [mlx5_ib]
[64843.077808] __mmu_notifier_release+0x1a4/0x200
[64843.077816] exit_mmap+0x1bc/0x200
[64843.077822] ? walk_page_range+0x9c/0x120
[64843.077828] ? __cond_resched+0x1a/0x50
[64843.077833] ? mutex_lock+0x13/0x40
[64843.077839] ? uprobe_clear_state+0xac/0x120
[64843.077860] mmput+0x5f/0x140
[64843.077867] ib_umem_odp_map_dma_and_lock+0x21b/0x580 [ib_core]
[64843.077931] pagefault_real_mr+0x9a/0x140 [mlx5_ib]
[64843.077962] pagefault_mr+0xb4/0x550 [mlx5_ib]
[64843.077992] pagefault_single_data_segment.constprop.0+0x2ac/0x560 [mlx5_ib]
[64843.078022] mlx5_ib_eqe_pf_action+0x528/0x780 [mlx5_ib]
[64843.078051] process_one_work+0x22b/0x3d0
[64843.078059] worker_thread+0x53/0x410
[64843.078065] ? process_one_work+0x3d0/0x3d0
[64843.078073] kthread+0x12a/0x150
[64843.078079] ? set_kthread_struct+0x50/0x50
[64843.078085] ret_from_fork+0x22/0x30
[64843.078093] </TASK>
AI Analysis
Technical Summary
CVE-2022-48675 is a vulnerability identified in the Linux kernel related to the InfiniBand (IB) core subsystem, specifically involving On-Demand Paging (ODP) flow management. The issue arises from a nested deadlock condition triggered when the kernel attempts to release memory mappings while holding a mutex lock on umem_odp->umem_mutex. The problematic sequence involves the call to mmput() while the mutex is locked, which can lead to a deadlock because mmput() triggers exit_mmap(), which in turn calls __mmu_notifier_release() and mlx5_ib_invalidate_range(). This function attempts to acquire the same mutex again, causing the kernel thread to deadlock. The deadlock occurs within the mlx5_ib driver, which is responsible for Mellanox InfiniBand hardware support, affecting the handling of page faults and memory invalidation in the IB subsystem. The fix implemented replaces mmput() with mmput_async(), which defers the release operation to a different task context, thus avoiding the deadlock by ensuring the mutex is not held during the release. This vulnerability is significant because it can cause kernel-level deadlocks, leading to system hangs or degraded performance in environments using InfiniBand hardware with ODP enabled. The provided call trace illustrates the deadlock scenario occurring in a kernel worker thread handling page faults, emphasizing the complexity of the locking issue within the kernel's memory management and IB driver interaction. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, especially those operating high-performance computing (HPC) clusters, data centers, or enterprise environments utilizing InfiniBand networking with Linux servers, this vulnerability poses a risk of system instability and denial of service due to kernel deadlocks. InfiniBand is widely used in scientific research institutions, financial services, and telecommunications sectors across Europe for its low latency and high throughput. A deadlock in the kernel can halt critical workloads, disrupt data processing, and impact service availability. While this vulnerability does not directly lead to privilege escalation or data leakage, the resulting system hangs can cause significant operational disruptions and potential financial losses. Organizations relying on Linux kernels with affected versions and Mellanox hardware drivers are particularly vulnerable. The absence of known exploits reduces immediate risk, but the complexity of the issue means that unpatched systems remain susceptible to inadvertent deadlocks under specific workloads, affecting service reliability and uptime.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel to versions that include the patch replacing mmput() with mmput_async() in the mlx5_ib driver. Since the vulnerability is tied to the InfiniBand ODP flow, disabling ODP functionality temporarily can serve as a short-term mitigation if patching is not immediately feasible. Administrators should audit their environments to identify systems running affected kernel versions with Mellanox InfiniBand hardware and drivers. Monitoring kernel logs for signs of deadlocks or related error messages can help detect attempts to trigger this condition. Additionally, testing kernel updates in staging environments before production deployment is recommended to ensure stability. For organizations using custom or older kernels, backporting the patch or applying vendor-provided updates is critical. Network segmentation and limiting access to InfiniBand management interfaces can reduce the risk of triggering the deadlock from untrusted sources. Finally, maintaining robust backup and recovery procedures will mitigate operational impact if system hangs occur.
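For the log-monitoring recommendation above, an added example (not from the advisory or the kernel project): it flags tasks in uninterruptible sleep whose call trace contains, in order, the frame chain shown in this page's trace. The function names, regexes and the second sample task are assumptions made for illustration.

```python
import re

# Frames, innermost first, from the call trace on this page: the nested lock.
SIGNATURE = ["mutex_lock", "mlx5_ib_invalidate_range", "__mmu_notifier_release",
             "exit_mmap", "mmput", "ib_umem_odp_map_dma_and_lock"]
TASK_RE = re.compile(r"task:(\S+)\s+state:(\S)\s.*?\bpid:\s*(\d+)")
FRAME_RE = re.compile(r"\]\s+(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

# First task is abridged from the trace on this page; the second task is
# constructed (blocked in invalidation, but not beneath the ODP fault path).
SAMPLE = """\
[64843.077665] task:kworker/u133:2 state:D stack: 0 pid:80906 ppid: 2 flags:0x00004000
[64843.077752] mutex_lock+0x34/0x40
[64843.077758] mlx5_ib_invalidate_range+0x48/0x270 [mlx5_ib]
[64843.077808] __mmu_notifier_release+0x1a4/0x200
[64843.077816] exit_mmap+0x1bc/0x200
[64843.077833] ? mutex_lock+0x13/0x40
[64843.077860] mmput+0x5f/0x140
[64843.077867] ib_umem_odp_map_dma_and_lock+0x21b/0x580 [ib_core]
[70000.000001] task:app state:D stack: 0 pid:4242 ppid: 1 flags:0x00000000
[70000.000002] mutex_lock+0x34/0x40
[70000.000003] mlx5_ib_invalidate_range+0x48/0x270 [mlx5_ib]
[70000.000005] exit_mmap+0x1bc/0x200
[70000.000006] mmput+0x5f/0x140
[70000.000007] do_exit+0x2a0/0xa00
"""

def is_subsequence(needle, haystack):
    it = iter(haystack)  # shared iterator keeps the match in order
    return all(any(n == h for h in it) for n in needle)

def find_odp_deadlocks(log_text):
    """Return [(comm, pid)] for D-state tasks whose trace matches SIGNATURE."""
    hits, task, frames = [], None, []
    def flush():
        if task and task[1] == "D" and is_subsequence(SIGNATURE, frames):
            hits.append((task[0], int(task[2])))
    for line in log_text.splitlines():
        m = TASK_RE.search(line)
        if m:                       # a new task header ends the previous trace
            flush()
            task, frames = m.groups(), []
            continue
        f = FRAME_RE.search(line)
        if f and task and not f.group(1):   # skip "?" frames: unreliable
            frames.append(f.group(2))
    flush()
    return hits
```

Feed it saved kernel log text, for example the output of `dmesg` or `journalctl -k`, and alert on any non-empty result.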
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Switzerland, Italy, Spain, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-25T13:44:28.322Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe5e3d
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 6:45:08 PM
Last updated: 8/1/2025, 7:14:00 AM