CVE-2022-48694: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

RDMA/irdma: Fix drain SQ hang with no completion

SW generated completions for outstanding WRs posted on SQ after QP is in error target the wrong CQ. This causes the ib_drain_sq to hang with no completion. Fix this to generate completions on the right CQ.

[ 863.969340] INFO: task kworker/u52:2:671 blocked for more than 122 seconds.
[ 863.979224] Not tainted 5.14.0-130.el9.x86_64 #1
[ 863.986588] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 863.996997] task:kworker/u52:2 state:D stack: 0 pid: 671 ppid: 2 flags:0x00004000
[ 864.007272] Workqueue: xprtiod xprt_autoclose [sunrpc]
[ 864.014056] Call Trace:
[ 864.017575] __schedule+0x206/0x580
[ 864.022296] schedule+0x43/0xa0
[ 864.026736] schedule_timeout+0x115/0x150
[ 864.032185] __wait_for_common+0x93/0x1d0
[ 864.037717] ? usleep_range_state+0x90/0x90
[ 864.043368] __ib_drain_sq+0xf6/0x170 [ib_core]
[ 864.049371] ? __rdma_block_iter_next+0x80/0x80 [ib_core]
[ 864.056240] ib_drain_sq+0x66/0x70 [ib_core]
[ 864.062003] rpcrdma_xprt_disconnect+0x82/0x3b0 [rpcrdma]
[ 864.069365] ? xprt_prepare_transmit+0x5d/0xc0 [sunrpc]
[ 864.076386] xprt_rdma_close+0xe/0x30 [rpcrdma]
[ 864.082593] xprt_autoclose+0x52/0x100 [sunrpc]
[ 864.088718] process_one_work+0x1e8/0x3c0
[ 864.094170] worker_thread+0x50/0x3b0
[ 864.099109] ? rescuer_thread+0x370/0x370
[ 864.104473] kthread+0x149/0x170
[ 864.109022] ? set_kthread_struct+0x40/0x40
[ 864.114713] ret_from_fork+0x22/0x30
AI Analysis
Technical Summary
CVE-2022-48694 is a vulnerability identified in the Linux kernel's RDMA (Remote Direct Memory Access) subsystem, specifically within the iWARP RDMA driver (irdma). The issue arises from incorrect handling of software-generated completions for outstanding Work Requests (WRs) posted on the Send Queue (SQ) after the Queue Pair (QP) enters an error state. In this flawed scenario, completions are generated targeting the wrong Completion Queue (CQ), which leads to the ib_drain_sq function hanging indefinitely without completing the outstanding WRs. This hang manifests as a blocked kernel worker thread, as evidenced by kernel logs showing tasks stuck for extended periods (e.g., over 120 seconds). The root cause is the mismatch between the QP error state and the CQ targeted for completions, causing the drain operation to stall. This can impact subsystems relying on RDMA communication, such as high-performance computing clusters, storage networks, or other latency-sensitive applications using RDMA over Converged Ethernet (RoCE) or iWARP. The vulnerability is fixed by ensuring completions are generated on the correct CQ, preventing the hang. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability affects specific Linux kernel versions identified by commit hashes, including kernels around version 5.14.0-130.el9.x86_64. The issue is primarily a denial-of-service condition caused by kernel task hangs, potentially impacting system stability and availability of RDMA-dependent services.
Potential Impact
For European organizations, especially those operating data centers, HPC environments, or enterprise storage solutions leveraging RDMA technologies on Linux, this vulnerability can cause significant service disruptions. The hang in the kernel worker thread can lead to degraded performance or complete unavailability of RDMA-based communication, affecting critical applications such as database clustering, financial transaction processing, or scientific computing. Organizations relying on Linux servers with affected kernel versions and RDMA hardware may experience intermittent or prolonged outages, impacting business continuity and operational efficiency. The impact is primarily on availability, with no direct confidentiality or integrity compromise reported. However, prolonged hangs could cascade into broader system instability or trigger failover mechanisms, potentially causing downtime or data access delays. Given the widespread use of Linux in European enterprise and cloud infrastructures, the vulnerability could affect a broad range of sectors including finance, telecommunications, research institutions, and manufacturing.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:

1) Identify Linux systems running affected kernel versions with RDMA/iWARP drivers enabled, especially those using irdma modules.
2) Apply the official Linux kernel patches that correct the completion queue targeting logic to prevent the drain SQ hang. If vendor-specific kernels are used (e.g., Red Hat Enterprise Linux or SUSE), ensure updates from those vendors are applied promptly.
3) Temporarily disable RDMA/iWARP functionality on non-critical systems if patching cannot be immediately performed, to avoid triggering the hang.
4) Monitor kernel logs for hung task warnings related to ib_drain_sq or kworker threads as early indicators of the issue.
5) Implement robust system monitoring and alerting to detect RDMA subsystem anomalies and respond quickly.
6) Test patches in staging environments to validate stability before production deployment, given the critical nature of kernel updates.
7) Engage with hardware vendors for firmware or driver updates if applicable, ensuring full stack compatibility.

These steps go beyond generic advice by focusing on RDMA-specific configurations, kernel version tracking, and proactive monitoring tailored to this vulnerability.
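The log monitoring in step 4 can be automated. The Python parser below is an added example, not part of the original advisory or of any kernel tooling: it splits a kernel log into hung-task reports and flags those whose reliable stack frames include the ib_core send-queue drain. The function names are assumptions made for illustration; the first sample report is abridged from the log quoted in this advisory and the second (jbd2) is constructed.

```python
import re

# Hung-task report abridged from the log in this advisory; the second report
# (jbd2) is constructed to show an unrelated hang that must not match.
SAMPLE_LOG = """\
[  863.969340] INFO: task kworker/u52:2:671 blocked for more than 122 seconds.
[  863.979224]       Not tainted 5.14.0-130.el9.x86_64 #1
[  864.014056] Call Trace:
[  864.017575]  __schedule+0x206/0x580
[  864.037717]  ? usleep_range_state+0x90/0x90
[  864.043368]  __ib_drain_sq+0xf6/0x170 [ib_core]
[  864.056240]  ib_drain_sq+0x66/0x70 [ib_core]
[  864.062003]  rpcrdma_xprt_disconnect+0x82/0x3b0 [rpcrdma]
[  870.000001] INFO: task jbd2/sda1-8:412 blocked for more than 122 seconds.
[  870.000002] Call Trace:
[  870.000003]  io_schedule+0x12/0x40
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")
HUNG = re.compile(r"INFO: task (.+):(\d+) blocked for more than (\d+) seconds")
FRAME = re.compile(r"\s*(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")

def parse_hung_tasks(log_text):
    """Split a kernel log into hung-task reports with their reliable frames."""
    reports, cur, in_trace = [], None, False
    for raw in log_text.splitlines():
        line = STAMP.sub("", raw)
        hung = HUNG.search(line)
        if hung:
            cur = {"task": hung[1], "pid": int(hung[2]),
                   "secs": int(hung[3]), "frames": []}
            reports.append(cur)
            in_trace = False
        elif cur and line.strip() == "Call Trace:":
            in_trace = True
        elif in_trace and line.strip() not in ("<TASK>", "</TASK>"):
            frame = FRAME.match(line)
            if frame is None:
                in_trace = False          # first non-frame line ends the trace
            elif not frame[1]:            # "?" frames are unreliable; skip them
                cur["frames"].append((frame[2], frame[3]))
    return reports

def drain_sq_hangs(log_text):
    """Reports whose reliable frames include ib_core's send-queue drain."""
    drain = {"ib_drain_sq", "__ib_drain_sq"}
    return [r for r in parse_hung_tasks(log_text)
            if any(s in drain and m == "ib_core" for s, m in r["frames"])]
```

Pass it the text of `dmesg` or `journalctl -k` output; a non-empty result from `drain_sq_hangs` on a host with irdma loaded is the symptom this advisory describes.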
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Switzerland, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-03T14:55:07.145Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe5ea5
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 7:10:19 PM
Last updated: 7/29/2025, 10:18:22 AM