CVE-2022-48758: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()

The bnx2fc_destroy() functions are removing the interface before calling destroy_work. This results in multiple WARNings from sysfs_remove_group() as the controller rport device attributes are removed too early.

Replace the fcoe_port's destroy_work queue. It's not needed.

The problem is easily reproducible with the following steps.

Example:

  $ dmesg -w &
  $ systemctl enable --now fcoe
  $ fipvlan -s -c ens2f1
  $ fcoeadm -d ens2f1.802
  [ 583.464488] host2: libfc: Link down on port (7500a1)
  [ 583.472651] bnx2fc: 7500a1 - rport not created Yet!!
  [ 583.490468] ------------[ cut here ]------------
  [ 583.538725] sysfs group 'power' not found for kobject 'rport-2:0-0'
  [ 583.568814] WARNING: CPU: 3 PID: 192 at fs/sysfs/group.c:279 sysfs_remove_group+0x6f/0x80
  [ 583.607130] Modules linked in: dm_service_time 8021q garp mrp stp llc bnx2fc cnic uio rpcsec_gss_krb5 auth_rpcgss nfsv4 ...
  [ 583.942994] CPU: 3 PID: 192 Comm: kworker/3:2 Kdump: loaded Not tainted 5.14.0-39.el9.x86_64 #1
  [ 583.984105] Hardware name: HP ProLiant DL120 G7, BIOS J01 07/01/2013
  [ 584.016535] Workqueue: fc_wq_2 fc_rport_final_delete [scsi_transport_fc]
  [ 584.050691] RIP: 0010:sysfs_remove_group+0x6f/0x80
  [ 584.074725] Code: ff 5b 48 89 ef 5d 41 5c e9 ee c0 ff ff 48 89 ef e8 f6 b8 ff ff eb d1 49 8b 14 24 48 8b 33 48 c7 c7 ...
  [ 584.162586] RSP: 0018:ffffb567c15afdc0 EFLAGS: 00010282
  [ 584.188225] RAX: 0000000000000000 RBX: ffffffff8eec4220 RCX: 0000000000000000
  [ 584.221053] RDX: ffff8c1586ce84c0 RSI: ffff8c1586cd7cc0 RDI: ffff8c1586cd7cc0
  [ 584.255089] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb567c15afc00
  [ 584.287954] R10: ffffb567c15afbf8 R11: ffffffff8fbe7f28 R12: ffff8c1486326400
  [ 584.322356] R13: ffff8c1486326480 R14: ffff8c1483a4a000 R15: 0000000000000004
  [ 584.355379] FS: 0000000000000000(0000) GS:ffff8c1586cc0000(0000) knlGS:0000000000000000
  [ 584.394419] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [ 584.421123] CR2: 00007fe95a6f7840 CR3: 0000000107674002 CR4: 00000000000606e0
  [ 584.454888] Call Trace:
  [ 584.466108] device_del+0xb2/0x3e0
  [ 584.481701] device_unregister+0x13/0x60
  [ 584.501306] bsg_unregister_queue+0x5b/0x80
  [ 584.522029] bsg_remove_queue+0x1c/0x40
  [ 584.541884] fc_rport_final_delete+0xf3/0x1d0 [scsi_transport_fc]
  [ 584.573823] process_one_work+0x1e3/0x3b0
  [ 584.592396] worker_thread+0x50/0x3b0
  [ 584.609256] ? rescuer_thread+0x370/0x370
  [ 584.628877] kthread+0x149/0x170
  [ 584.643673] ? set_kthread_struct+0x40/0x40
  [ 584.662909] ret_from_fork+0x22/0x30
  [ 584.680002] ---[ end trace 53575ecefa942ece ]---
AI Analysis
Technical Summary
CVE-2022-48758 is a vulnerability identified in the Linux kernel's bnx2fc driver, which is responsible for handling Fibre Channel over Ethernet (FCoE) functionality. The issue arises from improper handling of the destroy_work queue in the bnx2fc_destroy() function. Specifically, the interface is removed before the destroy_work queue is flushed, leading to multiple warnings and errors related to sysfs_remove_group() calls. This premature removal causes the controller remote port (rport) device attributes to be deleted too early, resulting in kernel warnings and potential instability. The vulnerability is reproducible by enabling FCoE services and performing specific commands that trigger the destruction sequence, which then leads to kernel warnings and tracebacks as shown in the provided logs. The root cause is the unnecessary use of the destroy_work queue for the fcoe_port, which has been addressed by removing this queue in the fix. Although the vulnerability does not appear to cause direct memory corruption or privilege escalation, the kernel warnings and improper device removal could lead to system instability or crashes, especially in environments relying on FCoE for storage networking. This could impact data availability and system reliability on affected Linux systems running the vulnerable kernel versions.
Potential Impact
For European organizations, particularly those operating data centers, cloud infrastructure, or enterprise storage solutions that utilize Linux servers with FCoE capabilities, this vulnerability could lead to unexpected kernel warnings and potential system instability. While no direct exploit or remote code execution is reported, the instability could cause service interruptions, impacting availability of critical storage resources. Organizations relying on Linux-based storage networking might experience degraded performance or unplanned downtime, which can affect business continuity. Additionally, troubleshooting and remediation efforts could increase operational overhead. Since FCoE is commonly used in enterprise storage networks, sectors such as finance, healthcare, telecommunications, and manufacturing in Europe could be affected if they deploy vulnerable Linux kernels in their infrastructure.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Identify Linux systems running kernel versions that include the vulnerable bnx2fc driver implementation, especially those utilizing FCoE.
2) Apply the latest Linux kernel patches or updates that remove the unnecessary destroy_work queue from the bnx2fc driver, as indicated by the Linux kernel maintainers.
3) If immediate patching is not feasible, consider disabling FCoE services temporarily to prevent triggering the vulnerability.
4) Monitor system logs (e.g., dmesg) for kernel warnings related to bnx2fc or sysfs_remove_group to detect potential exploitation or instability.
5) Test kernel updates in staging environments to ensure compatibility with existing storage infrastructure before production deployment.
6) Collaborate with hardware vendors (e.g., server and storage appliance providers) to ensure firmware and driver compatibility with patched kernels.
7) Implement robust backup and disaster recovery plans to mitigate risks from potential system crashes or data unavailability.
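The log monitoring in step 4 can be automated. The following is an added example, not code from the advisory or the kernel project: it scans kernel log text for WARNING blocks that combine the three markers visible in the trace above (a missing sysfs group on an rport kobject, sysfs_remove_group, and fc_rport_final_delete). The function names and the second sample block are constructed for illustration.

```python
import re

# Sample: lines abbreviated from the trace above, then a constructed unrelated warning.
SAMPLE_DMESG = """\
[ 583.490468] ------------[ cut here ]------------
[ 583.538725] sysfs group 'power' not found for kobject 'rport-2:0-0'
[ 583.568814] WARNING: CPU: 3 PID: 192 at fs/sysfs/group.c:279 sysfs_remove_group+0x6f/0x80
[ 583.607130] Modules linked in: dm_service_time 8021q garp mrp stp llc bnx2fc cnic uio
[ 584.541884] fc_rport_final_delete+0xf3/0x1d0 [scsi_transport_fc]
[ 584.680002] ---[ end trace 53575ecefa942ece ]---
[ 900.000001] ------------[ cut here ]------------
[ 900.000002] WARNING: CPU: 0 PID: 77 at lib/example.c:10 example_fn+0x10/0x20
[ 900.000003] Modules linked in: bnx2fc cnic uio
[ 900.000004] ---[ end trace 0000000000000000 ]---
"""

LINE = re.compile(r"^\[ *(\d+\.\d+)\] ?(.*)$", re.M)
MISSING = re.compile(r"sysfs group '([^']+)' not found for kobject '(rport-[^']+)'")

def classify(start, lines):
    """Return a finding if one WARNING block carries all three markers."""
    body = "\n".join(lines)
    missing = MISSING.search(body)
    warned = any(ln.startswith("WARNING:") and "sysfs_remove_group" in ln for ln in lines)
    if not (missing and warned and "fc_rport_final_delete" in body):
        return None
    modules = next((ln.split(":", 1)[1].split() for ln in lines
                    if ln.startswith("Modules linked in:")), [])
    return {"time": start, "group": missing.group(1), "kobject": missing.group(2),
            "bnx2fc_loaded": "bnx2fc" in modules}

def find_rport_teardown_warnings(text):
    """Scan dmesg or journal text and return one finding per matching block."""
    findings, start, lines = [], None, []
    for m in LINE.finditer(text):
        ts, msg = float(m.group(1)), m.group(2).strip()
        if "[ cut here ]" in msg:
            start, lines = ts, []
        elif start is not None:
            lines.append(msg)
            if msg.startswith("---[ end trace"):
                findings.append(classify(start, lines))
                start = None
    if start is not None:  # log was truncated inside a block
        findings.append(classify(start, lines))
    return [f for f in findings if f]

if __name__ == "__main__":
    print(find_rport_teardown_warnings(SAMPLE_DMESG))
```

Requiring all three markers keeps unrelated WARNINGs on hosts that merely have bnx2fc loaded out of the results.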
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-06-20T11:09:39.059Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe609d
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 8:40:57 PM
Last updated: 8/13/2025, 8:24:52 AM