CVE-2022-48729: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

IB/hfi1: Fix panic with larger ipoib send_queue_size

When the ipoib send_queue_size is increased from the default the following panic happens:

    RIP: 0010:hfi1_ipoib_drain_tx_ring+0x45/0xf0 [hfi1]
    Code: 31 e4 eb 0f 8b 85 c8 02 00 00 41 83 c4 01 44 39 e0 76 60 8b 8d cc 02 00 00 44 89 e3 be 01 00 00 00 d3 e3 48 03 9d c0 02 00 00 <c7> 83 18 01 00 00 00 00 00 00 48 8b bb 30 01 00 00 e8 25 af a7 e0
    RSP: 0018:ffffc9000798f4a0 EFLAGS: 00010286
    RAX: 0000000000008000 RBX: ffffc9000aa0f000 RCX: 000000000000000f
    RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
    RBP: ffff88810ff08000 R08: ffff88889476d900 R09: 0000000000000101
    R10: 0000000000000000 R11: ffffc90006590ff8 R12: 0000000000000200
    R13: ffffc9000798fba8 R14: 0000000000000000 R15: 0000000000000001
    FS:  00007fd0f79cc3c0(0000) GS:ffff88885fb00000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: ffffc9000aa0f118 CR3: 0000000889c84001 CR4: 00000000001706e0
    Call Trace:
     <TASK>
     hfi1_ipoib_napi_tx_disable+0x45/0x60 [hfi1]
     hfi1_ipoib_dev_stop+0x18/0x80 [hfi1]
     ipoib_ib_dev_stop+0x1d/0x40 [ib_ipoib]
     ipoib_stop+0x48/0xc0 [ib_ipoib]
     __dev_close_many+0x9e/0x110
     __dev_change_flags+0xd9/0x210
     dev_change_flags+0x21/0x60
     do_setlink+0x31c/0x10f0
     ? __nla_validate_parse+0x12d/0x1a0
     ? __nla_parse+0x21/0x30
     ? inet6_validate_link_af+0x5e/0xf0
     ? cpumask_next+0x1f/0x20
     ? __snmp6_fill_stats64.isra.53+0xbb/0x140
     ? __nla_validate_parse+0x47/0x1a0
     __rtnl_newlink+0x530/0x910
     ? pskb_expand_head+0x73/0x300
     ? __kmalloc_node_track_caller+0x109/0x280
     ? __nla_put+0xc/0x20
     ? cpumask_next_and+0x20/0x30
     ? update_sd_lb_stats.constprop.144+0xd3/0x820
     ? _raw_spin_unlock_irqrestore+0x25/0x37
     ? __wake_up_common_lock+0x87/0xc0
     ? kmem_cache_alloc_trace+0x3d/0x3d0
     rtnl_newlink+0x43/0x60

The issue happens when the shift that should have been a function of the txq item size mistakenly used the ring size. Fix by using the item size.
AI Analysis
Technical Summary
CVE-2022-48729 is a vulnerability in the Linux kernel's InfiniBand (IB) hfi1 driver, which is used for high-performance networking. It is triggered when the ipoib (IP over InfiniBand) send_queue_size parameter is raised above its default value. Under that configuration a kernel panic occurs because of a logic error in the hfi1_ipoib_drain_tx_ring function: the shift used to locate items in the transmit ring was derived from the ring size instead of the txq item size, so item addresses in the ring are computed incorrectly and the kernel crashes while draining the ring. The vulnerability does not directly affect confidentiality or integrity; its impact is on availability, as a denial-of-service (DoS) condition caused by kernel panics. It requires local access with low privileges (PR:L), requires no user interaction, and has a CVSS v3.1 base score of 5.5 (medium severity). The fix corrects the shift to be derived from the item size rather than the ring size. No known exploits are reported in the wild at this time. The vulnerability affects Linux kernel versions containing the faulty code commit referenced by the affectedVersions hashes. It is relevant primarily to systems using the hfi1 InfiniBand driver with ipoib networking, which is common in high-performance computing (HPC) environments and data centers that use InfiniBand for low-latency, high-throughput communication.
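A constructed C model of the root cause described above (an added example, not code from the kernel or from this page): a ring of fixed-size items is addressed as items + (i << shift), and the only difference between the pre-fix and post-fix initialisation is whether shift is derived from the ring size or from the item size. TX_ITEM_SIZE, the ring sizes and all names here are illustrative assumptions, not the hfi1 driver's real values.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the ipoib TX ring: items are stored contiguously and
 * item i lives at byte offset (i << shift).  TX_ITEM_SIZE and the ring sizes
 * below are illustrative, not the hfi1 driver's values. */
#define TX_ITEM_SIZE 64u   /* bytes per txq item, power of two */

struct tx_ring {
    size_t max_items;      /* ring size, in items */
    size_t bytes;          /* size of the items allocation */
    unsigned shift;        /* log2 of the per-item stride */
};

static unsigned ilog2_sz(size_t v)   /* floor(log2(v)) for v > 0 */
{
    unsigned n = 0;
    while (v >>= 1) n++;
    return n;
}

/* shift_from_item_size == 0 models the code before the fix (shift derived
 * from the ring size); 1 models the fix (shift derived from the item size). */
static void ring_init(struct tx_ring *r, size_t ring_size, int shift_from_item_size)
{
    r->max_items = ring_size;
    r->bytes = ring_size * TX_ITEM_SIZE;
    r->shift = ilog2_sz(shift_from_item_size ? TX_ITEM_SIZE : ring_size);
}

/* Walk the ring as a drain loop would; return the first index whose item
 * would fall outside the allocation, or max_items if the walk is safe. */
static size_t first_oob_index(const struct tx_ring *r)
{
    for (size_t i = 0; i < r->max_items; i++)
        if ((i << r->shift) + TX_ITEM_SIZE > r->bytes)
            return i;
    return r->max_items;
}

int main(void)
{
    struct tx_ring b, f;
    ring_init(&b, 256, 0);   /* ring enlarged past the item size, pre-fix shift */
    ring_init(&f, 256, 1);   /* same ring, post-fix shift */
    printf("pre-fix:  item %zu of %zu is out of bounds\n", first_oob_index(&b), b.max_items);
    printf("post-fix: walked %zu of %zu items safely\n", first_oob_index(&f), f.max_items);
    return 0;
}
```

When ring_size equals TX_ITEM_SIZE the two derivations of shift coincide, so the wrong stride goes unnoticed at that one configuration and only surfaces once the ring is enlarged.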
Potential Impact
For European organizations, the primary impact of CVE-2022-48729 is the potential for denial-of-service conditions on Linux systems using the hfi1 InfiniBand driver with ipoib networking configurations. This can cause unexpected kernel panics and system crashes, leading to downtime and disruption of critical services, especially in HPC clusters, research institutions, and data centers that rely on InfiniBand for performance-sensitive applications. While the vulnerability does not expose data or allow unauthorized access, the availability impact can be significant in environments where uptime and performance are critical. Organizations running large-scale compute clusters or storage systems with InfiniBand networking in Europe could face operational interruptions, impacting scientific research, financial modeling, or industrial simulations. Given the specialized nature of the affected component, the impact is limited to environments deploying InfiniBand with ipoib rather than general-purpose Linux servers. However, in those environments, the disruption caused by kernel panics can lead to cascading failures and loss of productivity.
Mitigation Recommendations
European organizations should take the following specific mitigation steps:
1) Identify Linux systems using the hfi1 InfiniBand driver with ipoib networking and verify whether the send_queue_size parameter has been increased from its default.
2) Apply the latest Linux kernel patches or updates that include the fix for CVE-2022-48729, ensuring the corrected shift operation is in place.
3) If immediate patching is not feasible, revert any non-default ipoib send_queue_size settings to the default to avoid triggering the panic.
4) Implement monitoring for kernel panics or crashes related to the hfi1 driver to detect any attempts to exploit this vulnerability.
5) For HPC and data center environments, schedule maintenance windows to apply patches and test system stability post-update.
6) Engage with Linux distribution vendors or kernel maintainers to obtain backported patches if using long-term support kernels.
7) Document and audit InfiniBand configurations regularly to prevent misconfigurations that could expose this vulnerability.
These targeted actions go beyond generic advice by focusing on the specific driver, parameter, and environment affected.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Switzerland, Finland, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-06-20T11:09:39.052Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe5fb6
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 7:55:33 PM
Last updated: 8/17/2025, 7:30:39 PM