CVE-2022-48823: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

scsi: qedf: Fix refcount issue when LOGO is received during TMF

Hung task call trace was seen during LOGO processing.

[ 974.309060] [0000:00:00.0]:[qedf_eh_device_reset:868]: 1:0:2:0: LUN RESET Issued...
[ 974.309065] [0000:00:00.0]:[qedf_initiate_tmf:2422]: tm_flags 0x10 sc_cmd 00000000c16b930f op = 0x2a target_id = 0x2 lun=0
[ 974.309178] [0000:00:00.0]:[qedf_initiate_tmf:2431]: portid=016900 tm_flags =LUN RESET
[ 974.309222] [0000:00:00.0]:[qedf_initiate_tmf:2438]: orig io_req = 00000000ec78df8f xid = 0x180 ref_cnt = 1.
[ 974.309625] host1: rport 016900: Received LOGO request while in state Ready
[ 974.309627] host1: rport 016900: Delete port
[ 974.309642] host1: rport 016900: work event 3
[ 974.309644] host1: rport 016900: lld callback ev 3
[ 974.313243] [0000:61:00.2]:[qedf_execute_tmf:2383]:1: fcport is uploading, not executing flush.
[ 974.313295] [0000:61:00.2]:[qedf_execute_tmf:2400]:1: task mgmt command success...
[ 984.031088] INFO: task jbd2/dm-15-8:7645 blocked for more than 120 seconds.
[ 984.031136] Not tainted 4.18.0-305.el8.x86_64 #1
[ 984.031166] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 984.031209] jbd2/dm-15-8 D 0 7645 2 0x80004080
[ 984.031212] Call Trace:
[ 984.031222] __schedule+0x2c4/0x700
[ 984.031230] ? unfreeze_partials.isra.83+0x16e/0x1a0
[ 984.031233] ? bit_wait_timeout+0x90/0x90
[ 984.031235] schedule+0x38/0xa0
[ 984.031238] io_schedule+0x12/0x40
[ 984.031240] bit_wait_io+0xd/0x50
[ 984.031243] __wait_on_bit+0x6c/0x80
[ 984.031248] ? free_buffer_head+0x21/0x50
[ 984.031251] out_of_line_wait_on_bit+0x91/0xb0
[ 984.031257] ? init_wait_var_entry+0x50/0x50
[ 984.031268] jbd2_journal_commit_transaction+0x112e/0x19f0 [jbd2]
[ 984.031280] kjournald2+0xbd/0x270 [jbd2]
[ 984.031284] ? finish_wait+0x80/0x80
[ 984.031291] ? commit_timeout+0x10/0x10 [jbd2]
[ 984.031294] kthread+0x116/0x130
[ 984.031300] ? kthread_flush_work_fn+0x10/0x10
[ 984.031305] ret_from_fork+0x1f/0x40

There was a ref count issue when LOGO is received during TMF. This leads to one of the I/Os hanging with the driver. Fix the ref count.
AI Analysis
Technical Summary
CVE-2022-48823 is a vulnerability identified in the Linux kernel's qedf SCSI driver, specifically related to the handling of LOGO (Logout) requests during Task Management Function (TMF) operations. The qedf driver is responsible for managing Fibre Channel over Ethernet (FCoE) communications, which are commonly used in enterprise storage networks. The vulnerability arises from a reference count management issue when a LOGO request is received while a TMF, such as a LUN reset, is in progress. This improper handling leads to one or more I/O operations hanging indefinitely within the driver, as evidenced by kernel logs showing hung task call traces and blocked processes. The root cause is a failure to correctly manage the lifecycle and reference counting of I/O requests during these concurrent events, resulting in resource leaks and stalled I/O operations. This can cause system instability, degraded performance, and potential denial of service conditions on affected systems. The issue was observed in kernel version 4.18.0-305.el8.x86_64 but may affect other versions using the vulnerable qedf driver. The fix involves correcting the reference count handling to ensure that I/O requests are properly released when a LOGO is received during TMF processing, preventing the hang and restoring normal operation.
Potential Impact
For European organizations, especially those relying on Linux-based servers and storage infrastructure utilizing Fibre Channel over Ethernet, this vulnerability poses a risk of service disruption. The hanging I/O operations can lead to degraded storage performance, application timeouts, or complete denial of service on critical systems. This is particularly impactful for data centers, cloud providers, and enterprises with high availability requirements for storage networks. The inability to process storage commands efficiently can affect database operations, virtual machine storage access, and backup systems, potentially causing data access delays or outages. While there is no indication of direct data corruption or unauthorized data access, the operational impact can be significant, leading to financial losses and reputational damage. Moreover, the vulnerability does not require user interaction but does require the attacker to have the ability to send LOGO requests, which typically implies some level of network or system access, limiting exploitation scope but not eliminating risk in multi-tenant or complex network environments.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions where this vulnerability is patched, ensuring the qedf driver includes the fix for proper reference count handling during LOGO and TMF events. System administrators should audit their storage network configurations to identify systems using the qedf driver and assess exposure. Implementing monitoring for hung tasks and I/O stalls related to qedf can provide early detection of exploitation attempts or system issues. Network segmentation and strict access controls on Fibre Channel and FCoE networks can reduce the risk of unauthorized LOGO requests. Additionally, organizations should review and test their incident response and recovery procedures for storage-related outages to minimize downtime. For environments where immediate patching is not feasible, temporarily disabling or restricting TMF operations or LOGO handling on affected interfaces may reduce risk, though this could impact normal storage operations and should be carefully evaluated.
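One way to implement the hung-task monitoring recommended above, as an added example that is not part of the original advisory or of the qedf driver: the function correlates a qedf TMF, a LOGO on the same remote port, and a later hung-task report, using the message formats from the log excerpt. The function name, the two time windows and the negative sample are assumptions made for illustration.

```python
import re

TS = r"\[\s*(\d+\.\d+)\]\s*"
# Message formats copied from the log excerpt in the advisory.
TMF_RE = re.compile(TS + r".*\[qedf_initiate_tmf:\d+\]: portid=([0-9a-fA-F]+) tm_flags")
LOGO_RE = re.compile(TS + r"host\d+: rport ([0-9a-fA-F]+): Received LOGO request")
HUNG_RE = re.compile(TS + r"INFO: task (\S+):(\d+) blocked for more than \d+ seconds")

def find_logo_during_tmf(lines, tmf_window=1.0, hang_window=600.0):
    """Flag hung-task reports that follow a LOGO received on a port within
    tmf_window seconds of a qedf TMF on that same port.
    Both windows are assumed defaults, not values from the advisory."""
    last_tmf = {}   # port id -> timestamp of most recent TMF
    overlaps = []   # (timestamp, port) of each LOGO that overlapped a TMF
    findings = []
    for line in lines:
        if m := TMF_RE.search(line):
            last_tmf[m.group(2).lower()] = float(m.group(1))
        elif m := LOGO_RE.search(line):
            t, port = float(m.group(1)), m.group(2).lower()
            if port in last_tmf and 0 <= t - last_tmf[port] <= tmf_window:
                overlaps.append((t, port))
        elif m := HUNG_RE.search(line):
            t = float(m.group(1))
            findings += [
                {"port": p, "logo_at": lt, "task": m.group(2), "pid": int(m.group(3))}
                for lt, p in overlaps if 0 <= t - lt <= hang_window
            ]
    return findings

# Lines taken from the advisory's log excerpt.
SAMPLE_LOG = [
    "[ 974.309178] [0000:00:00.0]:[qedf_initiate_tmf:2431]: portid=016900 tm_flags =LUN RESET",
    "[ 974.309625] host1: rport 016900: Received LOGO request while in state Ready",
    "[ 984.031088] INFO: task jbd2/dm-15-8:7645 blocked for more than 120 seconds.",
]
# Constructed negative case: the LOGO arrives on a different port than the TMF.
UNRELATED_LOG = [SAMPLE_LOG[0],
                 "[ 974.309625] host1: rport 016a00: Received LOGO request while in state Ready",
                 SAMPLE_LOG[2]]

if __name__ == "__main__":
    for f in find_logo_during_tmf(SAMPLE_LOG):
        print(f"possible qedf LOGO-during-TMF hang: {f}")
```

The function accepts any iterable of kernel log lines with bracketed monotonic timestamps, such as the output of dmesg. A match is a heuristic signal to check the qedf driver version, not proof of the bug.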
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-07-16T11:38:08.902Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe62b7
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 10:25:12 PM
Last updated: 8/9/2025, 4:46:53 PM