CVE-2022-48985: Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix race on per-CQ variable napi work_done
After calling napi_complete_done(), the NAPIF_STATE_SCHED bit may be cleared, and another CPU can start a napi thread and access the per-CQ variable, cq->work_done. If the other thread (for example, from busy_poll) sets it to a value >= budget, this thread will continue to run when it should stop, and cause memory corruption and panic.
To fix this issue, save the per-CQ work_done variable in a local variable before napi_complete_done(), so it won't be corrupted by a possible concurrent thread after napi_complete_done().
Also, add a flag bit to advertise to the NIC firmware: the NAPI work_done variable race is fixed, so the driver is able to reliably support features like busy_poll.
AI Analysis
Technical Summary
CVE-2022-48985 is a concurrency vulnerability in the Linux kernel's network stack, specifically in the 'mana' network driver, which processes completions using the NAPI (New API) mechanism. The flaw is a race on the per-Completion Queue (per-CQ) variable 'work_done' around the call to napi_complete_done(). Once napi_complete_done() has been called, the NAPIF_STATE_SCHED bit may be cleared, which lets another CPU start a NAPI poll on the same CQ and write to the same 'work_done' variable concurrently. If that concurrent poller, for example one triggered by busy_poll, sets 'work_done' to a value greater than or equal to the processing budget, the original thread, which re-reads the shared variable after completing, continues processing when it should have stopped. This leads to memory corruption and can cause a kernel panic, resulting in denial of service. The fix saves the per-CQ 'work_done' value in a local variable before calling napi_complete_done() and uses only that local copy afterwards, so a concurrent write to the per-CQ variable can no longer change the outcome of the completed poll. Additionally, a flag bit was added to inform the NIC firmware that the race condition is fixed, enabling reliable support for features like busy_poll. This vulnerability affects specific Linux kernel versions identified by commit hashes and was publicly disclosed on October 21, 2024. No known exploits are reported in the wild, and no CVSS score has been assigned.
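As an added illustration (not the mana driver's code and not part of this record), the following userspace C model reproduces the shape of the bug and of the fix: the "other CPU" is a callback that fires inside a stand-in for napi_complete_done(), which is where the real window opens once the scheduling bit is dropped. All names (model_cq, poll_racy, poll_fixed, other_cpu_busy_poll) are hypothetical.

```c
#include <stdio.h>
/* Constructed userspace model of the race fixed by CVE-2022-48985; not the
 * mana driver's code, and every name here is hypothetical. */
struct model_cq { int work_done; int budget; };  /* work_done is shared */
typedef void (*other_cpu_fn)(struct model_cq *);
static struct model_cq demo_cq;                  /* CQ used by main() */

/* Busy_poll thread on another CPU: once NAPIF_STATE_SCHED is clear it reuses
 * the CQ and leaves work_done at or above budget. */
static void other_cpu_busy_poll(struct model_cq *cq)
{
    cq->work_done = cq->budget + 3;
}

/* Stand-in for napi_complete_done(): from here on the scheduling bit is
 * clear, so the other CPU may run before control returns to the caller. */
static int model_napi_complete_done(struct model_cq *cq, int done, other_cpu_fn other)
{
    (void)done;
    if (other)
        other(cq);
    return 1;
}

/* Vulnerable shape: re-reads cq->work_done after NAPI has been completed. */
static int poll_racy(struct model_cq *cq, int completed, int budget, other_cpu_fn other)
{
    cq->work_done = completed;   /* completions this poll processed */
    cq->budget = budget;
    if (cq->work_done < budget)
        model_napi_complete_done(cq, cq->work_done, other);
    return cq->work_done;        /* may be >= budget now: NAPI keeps polling */
}

/* Fixed shape: snapshot work_done in a local before napi_complete_done(). */
static int poll_fixed(struct model_cq *cq, int completed, int budget, other_cpu_fn other)
{
    cq->work_done = completed;
    cq->budget = budget;
    int w = cq->work_done;       /* snapshot taken before the window opens */
    if (w < budget)
        model_napi_complete_done(cq, w, other);
    return w;                    /* unaffected by the other CPU's write */
}

int main(void)
{
    printf("racy : %d (budget 64)\n", poll_racy(&demo_cq, 63, 64, other_cpu_busy_poll));
    printf("fixed: %d (budget 64)\n", poll_fixed(&demo_cq, 63, 64, other_cpu_busy_poll));
    return 0;
}
```

With the concurrent writer active, the racy poll reports 67 against a budget of 64, which is the "continue to run when it should stop" condition from the description, while the fixed poll reports the 63 completions it actually handled.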
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running affected Linux kernel versions with the 'mana' network driver enabled. The impact includes potential system crashes (kernel panics) due to memory corruption, leading to denial of service conditions. This can disrupt critical network services, especially in environments relying on high-performance networking features like busy_poll, which are often used in data centers, telecommunications infrastructure, and cloud providers. Organizations operating Linux-based servers, network appliances, or embedded systems in sectors such as finance, healthcare, and government could face operational interruptions. While no remote code execution or privilege escalation is indicated, the denial of service can still have significant operational and reputational consequences. The absence of known exploits reduces immediate risk, but the vulnerability's nature suggests it could be targeted in the future, especially in high-value environments.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions that include the fix for CVE-2022-48985. Since the vulnerability is in the kernel's network stack, kernel patching is the most effective mitigation. For environments where immediate patching is challenging, temporarily disabling or limiting the use of features like busy_poll that interact with the affected code path can reduce exposure. Network administrators should audit systems to identify those running affected kernel versions and the 'mana' driver. Monitoring for unusual kernel panics or network disruptions can help detect exploitation attempts. Additionally, organizations should coordinate with NIC firmware vendors to ensure firmware is updated to recognize the new flag bit indicating the race condition fix, ensuring stable operation. Implementing robust system monitoring and maintaining up-to-date backups will aid in recovery if denial of service occurs.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-08-22T01:27:53.633Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d982fc4522896dcbe6813
Added to database: 5/21/2025, 9:09:03 AM
Last enriched: 7/1/2025, 12:54:41 AM
Last updated: 8/5/2025, 12:36:37 AM