CVE-2022-48715: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe

Running tests with a debug kernel shows that bnx2fc_recv_frame() is modifying the per_cpu lport stats counters in a non-mpsafe way. Just boot a debug kernel and run the bnx2fc driver with the hardware enabled.

[ 1391.699147] BUG: using smp_processor_id() in preemptible [00000000] code: bnx2fc_
[ 1391.699160] caller is bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc]
[ 1391.699174] CPU: 2 PID: 4355 Comm: bnx2fc_l2_threa Kdump: loaded Tainted: G B
[ 1391.699180] Hardware name: HP ProLiant DL120 G7, BIOS J01 07/01/2013
[ 1391.699183] Call Trace:
[ 1391.699188] dump_stack_lvl+0x57/0x7d
[ 1391.699198] check_preemption_disabled+0xc8/0xd0
[ 1391.699205] bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc]
[ 1391.699215] ? do_raw_spin_trylock+0xb5/0x180
[ 1391.699221] ? bnx2fc_npiv_create_vports.isra.0+0x4e0/0x4e0 [bnx2fc]
[ 1391.699229] ? bnx2fc_l2_rcv_thread+0xb7/0x3a0 [bnx2fc]
[ 1391.699240] bnx2fc_l2_rcv_thread+0x1af/0x3a0 [bnx2fc]
[ 1391.699250] ? bnx2fc_ulp_init+0xc0/0xc0 [bnx2fc]
[ 1391.699258] kthread+0x364/0x420
[ 1391.699263] ? _raw_spin_unlock_irq+0x24/0x50
[ 1391.699268] ? set_kthread_struct+0x100/0x100
[ 1391.699273] ret_from_fork+0x22/0x30

Restore the old get_cpu/put_cpu code with some modifications to reduce the size of the critical section.
AI Analysis
Technical Summary
CVE-2022-48715 is a concurrency-related vulnerability in the Linux kernel's bnx2fc driver, which is responsible for handling Broadcom NetXtreme II Fibre Channel over Ethernet (FCoE) devices. The issue arises in the function bnx2fc_recv_frame(), which modifies per-CPU local port statistics counters in a manner that is not safe for multi-processor (MP) environments. Specifically, the function uses smp_processor_id() in preemptible code sections without proper synchronization, leading to potential race conditions and data corruption. The vulnerability was identified through tests on debug kernels where the improper use of smp_processor_id() caused kernel BUG messages and stack traces, indicating unsafe access to per-CPU data structures. The root cause is the modification of per-CPU counters without disabling preemption or using appropriate locking mechanisms, which can cause inconsistent or corrupted statistics data. The fix involved reverting to the older get_cpu()/put_cpu() approach with modifications to minimize the critical section size, ensuring safe access to per-CPU variables by disabling preemption during updates.

This vulnerability affects Linux kernel versions containing the specified commit hash d576a5e80cd07ea7049f8fd7b303c14df7b5d7d2 and similar versions where the bnx2fc driver is in use. Although no known exploits are reported in the wild, the issue could cause kernel instability or crashes under high concurrency, especially in environments using Broadcom NetXtreme II FCoE hardware. The vulnerability does not directly expose confidentiality or integrity risks but can impact system availability due to kernel panics or deadlocks triggered by unsafe concurrent access to kernel data structures.
Potential Impact
For European organizations, particularly those operating data centers, cloud infrastructure, or enterprise environments using Linux servers with Broadcom NetXtreme II FCoE adapters, this vulnerability poses a risk of system instability and potential downtime. The bnx2fc driver is typically used in storage area network (SAN) environments where Fibre Channel over Ethernet is deployed for high-speed storage connectivity. A kernel crash or deadlock caused by this vulnerability could disrupt critical storage operations, impacting business continuity and data availability. Organizations relying on Linux-based storage servers or virtualization hosts with affected hardware may experience degraded performance or unexpected reboots, leading to operational disruptions. While the vulnerability does not allow direct remote code execution or privilege escalation, the resulting denial of service (DoS) conditions could be exploited by attackers with local access or by triggering specific workloads that stress the bnx2fc driver. This is particularly relevant for European financial institutions, telecommunications providers, and cloud service providers where high availability and data integrity are paramount. Additionally, regulatory requirements such as GDPR emphasize the need for maintaining system availability and integrity, making timely patching critical to compliance and risk management.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions where this vulnerability is patched, specifically applying the fix that restores safe per-CPU variable access in the bnx2fc driver. Kernel upgrades should be tested in staging environments to ensure compatibility with existing hardware and workloads. In environments where immediate kernel updates are not feasible, administrators should consider temporarily disabling the bnx2fc driver if FCoE functionality is not critical, or limiting workloads that heavily utilize the bnx2fc driver to reduce concurrency stress. Monitoring kernel logs for BUG messages related to bnx2fc_recv_frame can help detect attempts to trigger the vulnerability. Additionally, organizations should implement strict access controls to limit local user privileges, reducing the risk of malicious exploitation. For environments using Broadcom NetXtreme II adapters, firmware and driver updates from hardware vendors should also be reviewed and applied as recommended. Finally, integrating this vulnerability into vulnerability management and patching workflows ensures timely remediation and reduces exposure windows.
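One way to implement the log monitoring recommended above, as an added example that is not part of the original advisory: it pairs each "BUG: using smp_processor_id() in preemptible" line with the "caller is" line that follows and reports only callers inside the bnx2fc module. The function name and the sample log are assumptions; the sample reuses the trace quoted in the description plus constructed lines, and the warning itself appears only on debug kernels, as the description notes.

```python
import re

# Constructed sample: lines 2-5 reuse the trace quoted in the advisory; the
# first and last two lines are made up to show unrelated messages are ignored.
SAMPLE_LOG = """\
[ 1390.100000] bnx2fc: constructed informational line, not a warning
[ 1391.699147] BUG: using smp_processor_id() in preemptible [00000000] code: bnx2fc_
[ 1391.699160] caller is bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc]
[ 1391.699174] CPU: 2 PID: 4355 Comm: bnx2fc_l2_threa Kdump: loaded Tainted: G B
[ 1391.699183] Call Trace:
[ 1400.000001] BUG: using smp_processor_id() in preemptible [00000000] code: other_task
[ 1400.000009] caller is some_other_func+0x10/0x40 [othermod]
"""

TS_RE = re.compile(r"\[\s*(\d+\.\d+)\]")   # dmesg-style timestamp, optional
BUG_RE = re.compile(r"BUG: using smp_processor_id\(\) in preemptible")
CALLER_RE = re.compile(
    r"caller is (?P<sym>[\w.]+)\+0x[0-9a-fA-F]+/0x[0-9a-fA-F]+"
    r"(?: \[(?P<mod>\w+)\])?"               # built-in code has no [module] tag
)

def find_percpu_bugs(log_text, module="bnx2fc"):
    """Return one dict per preemptible smp_processor_id() warning in `module`."""
    hits = []
    pending = None  # warning header seen, its "caller is" line not yet seen
    for line in log_text.splitlines():
        if BUG_RE.search(line):
            ts = TS_RE.search(line)
            pending = {"time": float(ts.group(1)) if ts else None}
            continue
        if pending is None:
            continue
        caller = CALLER_RE.search(line)
        if caller:
            # Keep the event only when the faulting caller lives in `module`.
            if caller.group("mod") == module:
                pending.update(symbol=caller.group("sym"), module=module)
                hits.append(pending)
            pending = None
    return hits

if __name__ == "__main__":
    for hit in find_percpu_bugs(SAMPLE_LOG):
        print(f"{hit['time']}: per-CPU access warning in "
              f"{hit['symbol']} [{hit['module']}]")
```

On a live host the same function can be fed saved kernel log text; lines without a bracketed timestamp are still matched and reported with a time of None.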
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Belgium, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-06-20T11:09:39.050Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe5f25
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 7:39:47 PM
Last updated: 7/26/2025, 3:20:05 PM