CVE-2022-48825: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

scsi: qedf: Add stag_work to all the vports

Call trace seen when creating NPIV ports, only 32 out of 64 show online. stag work was not initialized for vport, hence initialize the stag work.

WARNING: CPU: 8 PID: 645 at kernel/workqueue.c:1635 __queue_delayed_work+0x68/0x80
CPU: 8 PID: 645 Comm: kworker/8:1 Kdump: loaded Tainted: G IOE --------- -- 4.18.0-348.el8.x86_64 #1
Hardware name: Dell Inc. PowerEdge MX740c/0177V9, BIOS 2.12.2 07/09/2021
Workqueue: events fc_lport_timeout [libfc]
RIP: 0010:__queue_delayed_work+0x68/0x80
Code: 89 b2 88 00 00 00 44 89 82 90 00 00 00 48 01 c8 48 89 42 50 41 81 f8 00 20 00 00 75 1d e9 60 24 07 00 44 89 c7 e9 98 f6 ff ff <0f> 0b eb c5 0f 0b eb a1 0f 0b eb a7 0f 0b eb ac 44 89 c6 e9 40 23
RSP: 0018:ffffae514bc3be40 EFLAGS: 00010006
RAX: ffff8d25d6143750 RBX: 0000000000000202 RCX: 0000000000000002
RDX: ffff8d2e31383748 RSI: ffff8d25c000d600 RDI: ffff8d2e31383788
RBP: ffff8d2e31380de0 R08: 0000000000002000 R09: ffff8d2e31383750
R10: ffffffffc0c957e0 R11: ffff8d2624800000 R12: ffff8d2e31380a58
R13: ffff8d2d915eb000 R14: ffff8d25c499b5c0 R15: ffff8d2e31380e18
FS: 0000000000000000(0000) GS:ffff8d2d1fb00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055fd0484b8b8 CR3: 00000008ffc10006 CR4: 00000000007706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
 queue_delayed_work_on+0x36/0x40
 qedf_elsct_send+0x57/0x60 [qedf]
 fc_lport_enter_flogi+0x90/0xc0 [libfc]
 fc_lport_timeout+0xb7/0x140 [libfc]
 process_one_work+0x1a7/0x360
 ? create_worker+0x1a0/0x1a0
 worker_thread+0x30/0x390
 ? create_worker+0x1a0/0x1a0
 kthread+0x116/0x130
 ? kthread_flush_work_fn+0x10/0x10
 ret_from_fork+0x35/0x40
---[ end trace 008f00f722f2c2ff ]--

Initialize stag work for all the vports.
AI Analysis
Technical Summary
CVE-2022-48825 is a vulnerability in the Linux kernel's SCSI qedf driver, which handles Fibre Channel over Ethernet (FCoE) functionality. The issue arises from missing initialization of the 'stag work' structure for virtual ports (vports) when creating NPIV (N_Port ID Virtualization) ports. NPIV allows multiple virtual Fibre Channel ports to share a single physical port and is commonly used in enterprise storage networking environments. The vulnerability manifests as a kernel warning and call trace during NPIV port creation, where only half of the expected vports (32 out of 64) become active.

The root cause is that the stag work, a delayed work item used internally by the qedf driver, was not initialized for all vports, leading to unstable behavior and potential kernel crashes or denial of service. The kernel stack trace included in the description shows the warning firing in the __queue_delayed_work function within the kernel's workqueue subsystem, reached from libfc's fc_lport_timeout through fc_lport_enter_flogi and the driver's qedf_elsct_send. This indicates that the flaw affects the asynchronous work scheduling mechanism tied to Fibre Channel port management.

While no known exploits are reported in the wild, the vulnerability could cause system instability or denial of service on affected Linux systems running the vulnerable qedf driver versions. The issue is resolved by ensuring stag work is properly initialized for all vports, which prevents the kernel warning and lets all NPIV ports come online as expected. This fix is critical for environments relying on Linux servers with FCoE storage connectivity, particularly in data centers and enterprise storage networks.
Potential Impact
For European organizations, the impact of CVE-2022-48825 primarily concerns enterprises and service providers using Linux servers with Fibre Channel over Ethernet storage infrastructure. Such environments are common in data centers, cloud providers, and large enterprises with SAN (Storage Area Network) deployments. The vulnerability can lead to partial failure of NPIV port initialization, resulting in reduced availability of storage connectivity and potential denial of service conditions on critical servers. This can disrupt business operations, data access, and backup or disaster recovery processes dependent on SAN storage. Although the vulnerability does not appear to allow privilege escalation or remote code execution, the instability and potential kernel crashes could cause significant operational disruptions. Organizations with high-density virtualization or multi-tenant environments using NPIV to isolate storage traffic are particularly at risk. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental crashes or targeted attacks exploiting this flaw to cause denial of service. Given the widespread use of Linux in European enterprise and cloud infrastructures, the vulnerability poses a moderate operational risk if not addressed promptly.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel to versions where the stag work initialization for all vports in the qedf driver has been fixed. This involves applying vendor-supplied kernel patches or upgrading to the latest stable kernel releases that include this fix. System administrators should audit their environments to identify Linux hosts using the qedf driver with NPIV configurations and verify kernel versions against the patched releases. In environments where immediate patching is not feasible, temporarily disabling NPIV or limiting the number of vports may reduce exposure, though this impacts functionality. Monitoring kernel logs for the specific warning messages related to __queue_delayed_work and qedf can help detect affected systems. Additionally, organizations should ensure robust backup and recovery procedures are in place to mitigate potential service disruptions. Coordination with hardware vendors (e.g., Dell PowerEdge servers) and storage providers is recommended to confirm compatibility and support for updated kernels. Finally, integrating this vulnerability into vulnerability management and patching workflows will help maintain ongoing protection.
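The log-monitoring step above can be automated. The following is an added example, not code from the kernel project or from this page's source: it scans kernel log text for WARN blocks raised in __queue_delayed_work whose call trace contains a frame from the qedf module. The sample log, its timestamps and the `example_drv` module name are constructed for illustration.

```python
import re

# Constructed dmesg sample: block 1 mirrors the trace in the CVE description,
# block 2 is an unrelated (hypothetical) driver reaching the same WARN.
SAMPLE_LOG = """\
[  101.000001] WARNING: CPU: 8 PID: 645 at kernel/workqueue.c:1635 __queue_delayed_work+0x68/0x80
[  101.000002] Workqueue: events fc_lport_timeout [libfc]
[  101.000003] Call Trace:
[  101.000004]  queue_delayed_work_on+0x36/0x40
[  101.000005]  qedf_elsct_send+0x57/0x60 [qedf]
[  101.000006]  fc_lport_enter_flogi+0x90/0xc0 [libfc]
[  101.000007] ---[ end trace 008f00f722f2c2ff ]---
[  250.000001] WARNING: CPU: 2 PID: 77 at kernel/workqueue.c:1635 __queue_delayed_work+0x68/0x80
[  250.000002] Call Trace:
[  250.000003]  queue_delayed_work_on+0x36/0x40
[  250.000004]  example_poll+0x10/0x20 [example_drv]
[  250.000005] ---[ end trace 0000000000000000 ]---
"""

# Strip an optional syslog/journal prefix and the dmesg timestamp.
PREFIX_RE = re.compile(r"^(?:.*? kernel: )?(?:\[\s*\d+\.\d+\]\s?)?")
WARN_RE = re.compile(r"WARNING: CPU: (\d+) PID: (\d+) at \S+ ([\w.]+)\+0x")
FRAME_RE = re.compile(r"^\s*(?:\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?\s*$")

def find_qedf_stag_warnings(log_text):
    """Return one dict per WARN raised in __queue_delayed_work with a [qedf] frame in its trace."""
    hits, block = [], None
    def flush():
        # The file:line (workqueue.c:1635) differs between kernel builds, so match on
        # the warning function and the module of the calling frames instead.
        if block and block["func"] == "__queue_delayed_work":
            qedf = [fn for fn, mod in block["frames"] if mod == "qedf"]
            if qedf:
                hits.append({"cpu": block["cpu"], "pid": block["pid"], "qedf_frames": qedf})
    for raw in log_text.splitlines():
        line = PREFIX_RE.sub("", raw, count=1)
        m = WARN_RE.search(line)
        if m:  # a new WARN also closes a block whose end marker was lost
            flush()
            block = {"cpu": int(m[1]), "pid": int(m[2]), "func": m[3], "frames": []}
        elif block is None:
            continue
        elif "---[ end trace" in line:
            flush()
            block = None
        elif (f := FRAME_RE.match(line)):
            block["frames"].append((f[1], f[2]))
    flush()  # log truncated before the end marker
    return hits
```

Feed it the output of `dmesg` or `journalctl -k`; a hit on a host that uses NPIV vports is a reason to check its kernel against the vendor's patched release.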
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-07-16T11:38:08.902Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe62bf
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 10:25:25 PM
Last updated: 8/3/2025, 12:54:17 AM