CVE-2022-49118: Vulnerability in Linux Linux

Medium
Published: Wed Feb 26 2025 (02/26/2025, 01:55:00 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: hisi_sas: Free irq vectors in order for v3 HW

If the driver probe fails to request the channel IRQ or fatal IRQ, the driver will free the IRQ vectors before freeing the IRQs in free_irq(), and this will cause a kernel BUG like this:

    ------------[ cut here ]------------
    kernel BUG at drivers/pci/msi.c:369!
    Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
    Call trace:
     free_msi_irqs+0x118/0x13c
     pci_disable_msi+0xfc/0x120
     pci_free_irq_vectors+0x24/0x3c
     hisi_sas_v3_probe+0x360/0x9d0 [hisi_sas_v3_hw]
     local_pci_probe+0x44/0xb0
     work_for_cpu_fn+0x20/0x34
     process_one_work+0x1d0/0x340
     worker_thread+0x2e0/0x460
     kthread+0x180/0x190
     ret_from_fork+0x10/0x20
    ---[ end trace b88990335b610c11 ]---

So we use devm_add_action() to control the order in which we free the vectors.

AI-Powered Analysis

Last updated: 06/30/2025, 02:57:17 UTC

Technical Analysis

CVE-2022-49118 is a vulnerability in the Linux kernel's hisi_sas driver, which handles certain SAS (Serial Attached SCSI) hardware, specifically the v3 hardware variant. The flaw is in how the driver releases IRQ (Interrupt Request) resources when its probe routine fails. If the driver fails to request the channel IRQ or the fatal IRQ, it frees the IRQ vectors before the IRQs themselves have been released with free_irq(). This incorrect order triggers a kernel BUG, causing an internal kernel error and a system crash (kernel oops). The call trace shows the failure in free_msi_irqs, reached from hisi_sas_v3_probe through pci_free_irq_vectors and pci_disable_msi, the functions that manage MSI (Message Signaled Interrupts) IRQ vectors.

The root cause is a resource management flaw: the IRQ vectors are freed prematurely, which destabilizes the kernel. The fix uses devm_add_action() to ensure that the IRQs and the IRQ vectors are freed in the proper order, preventing the kernel BUG and maintaining system stability.

This vulnerability is specific to versions of the Linux kernel that contain the affected hisi_sas driver code, and it is not known to have any exploits in the wild at the time of publication. The vulnerability does not have an assigned CVSS score yet.
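The release-order problem described above, as an added userspace model in Python (not kernel code and not the driver's own source). It assumes the IRQs are released by managed (devres) actions that run last-registered-first when probe fails; the `Device` class, the `irq0` name and the request order are hypothetical.

```python
class MsiBug(Exception):
    """Stands in for the kernel BUG: vectors freed while an IRQ is still requested."""

class Device:
    def __init__(self):
        self.requested_irqs = []   # IRQs currently held
        self.devres = []           # managed release actions, in registration order
        self.log = []              # order in which resources were actually released

    def devm_add_action(self, action):
        self.devres.append(action)

    def free_irq_vectors(self):
        if self.requested_irqs:
            raise MsiBug(f"vectors freed while {self.requested_irqs} still requested")
        self.log.append("free_irq_vectors")

    def devm_request_irq(self, name, fail):
        if fail:
            return -1
        self.requested_irqs.append(name)
        def release():
            self.requested_irqs.remove(name)
            self.log.append(f"free_irq({name})")
        self.devm_add_action(release)
        return 0

    def devres_release_all(self):
        while self.devres:
            self.devres.pop()()    # last registered, first released

def probe(dev, fixed, fail_on):
    if fixed:                      # fix: the vector free is itself a managed action,
        dev.devm_add_action(dev.free_irq_vectors)   # registered before any IRQ
    for name in ("irq0", "channel", "fatal"):       # assumed names and order
        if dev.devm_request_irq(name, fail=(name == fail_on)) != 0:
            if not fixed:
                dev.free_irq_vectors()   # manual free: earlier IRQs are still held
            dev.devres_release_all()
            return -1
    return 0

def run(fixed, fail_on="fatal"):
    """Return the release order on probe failure, or a 'BUG: ...' string."""
    dev = Device()
    try:
        probe(dev, fixed, fail_on)
    except MsiBug as bug:
        return f"BUG: {bug}"
    return dev.log
```

In this model a failure on the very first request frees the vectors cleanly even without the fix, because no IRQ is held yet; only a later failure, such as the channel or fatal IRQ, hits the BUG.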

Potential Impact

For European organizations, this vulnerability can lead to system instability and unexpected kernel crashes on Linux systems using the affected hisi_sas driver with v3 SAS hardware. This can result in denial of service conditions, particularly impacting servers and storage systems that rely on SAS devices for critical data operations. Organizations in sectors such as finance, telecommunications, cloud service providers, and data centers that deploy Linux servers with this hardware may experience service disruptions, data unavailability, and potential operational downtime. While this vulnerability does not directly lead to privilege escalation or data leakage, the resulting kernel panic can cause loss of availability and may require system reboots, impacting business continuity. Additionally, repeated crashes could lead to hardware stress or data corruption if not properly managed. Since the vulnerability is related to hardware driver management, it is more likely to affect environments with specific hardware configurations, limiting its scope but increasing the impact on affected systems.

Mitigation Recommendations

European organizations should first identify if their Linux systems use the hisi_sas driver with v3 SAS hardware. This can be done by auditing hardware inventories and kernel module usage. Systems running affected kernel versions should be updated promptly with the patched kernel version that includes the fix using devm_add_action() to manage IRQ vector freeing order. If immediate patching is not possible, organizations should consider isolating affected systems from critical production workloads or implementing monitoring to detect kernel oops and crashes related to this driver. Additionally, organizations should ensure robust backup and recovery procedures are in place to mitigate potential data loss from unexpected reboots. For environments using custom or embedded Linux kernels, developers should backport the fix to their kernel versions. Network segmentation and limiting access to critical Linux servers can reduce the risk of exploitation attempts. Finally, maintaining up-to-date kernel and driver documentation and subscribing to Linux kernel security advisories will help organizations stay informed about further developments.
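One way to implement the monitoring suggested above, as an added Python example that is not part of the original advisory: it scans kernel log text for oops reports matching the trace quoted in the description. The sample log is constructed (made-up timestamps, plus an unrelated made-up oops), and the function name is hypothetical.

```python
import re

# Constructed sample: the trace quoted in the description, with made-up
# timestamps, followed by an unrelated constructed oops that must not match.
SAMPLE_LOG = """\
[    4.20] ------------[ cut here ]------------
[    4.20] kernel BUG at drivers/pci/msi.c:369!
[    4.20] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[    4.20] Call trace:
[    4.20]  free_msi_irqs+0x118/0x13c
[    4.20]  pci_disable_msi+0xfc/0x120
[    4.20]  pci_free_irq_vectors+0x24/0x3c
[    4.20]  hisi_sas_v3_probe+0x360/0x9d0 [hisi_sas_v3_hw]
[    4.20]  local_pci_probe+0x44/0xb0
[    4.20] ---[ end trace b88990335b610c11 ]---
[    9.10] ------------[ cut here ]------------
[    9.10] kernel BUG at fs/example.c:1!
[    9.10]  example_fn+0x10/0x20
[    9.10] ---[ end trace 0000000000000000 ]---
"""

START = re.compile(r"-+\[ cut here \]-+")
END = re.compile(r"---\[ end trace [0-9a-f]+ \]---")
# Match the source file, not the line number: :369 differs between kernel versions.
BUG_AT = re.compile(r"kernel BUG at drivers/pci/msi\.c:\d+!")
FRAME = re.compile(r"\b([A-Za-z_]\w*)\+0x[0-9a-f]+/0x[0-9a-f]+")
WANTED = {"free_msi_irqs", "pci_free_irq_vectors", "hisi_sas_v3_probe"}

def find_probe_bugs(log_text):
    """Return the frame list of every oops report matching this CVE's signature."""
    hits, block = [], None
    for line in log_text.splitlines():
        if START.search(line):
            block = []                      # a new oops report begins
        elif block is not None:
            block.append(line)
            if END.search(line):            # report complete: evaluate it
                text = "\n".join(block)
                frames = FRAME.findall(text)
                if BUG_AT.search(text) and WANTED <= set(frames):
                    hits.append(frames)
                block = None
    return hits
```

Feed it the output of the kernel log source you already collect; a non-empty result means the host hit this probe-failure path and needs the patched kernel.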


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T01:49:39.263Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982cc4522896dcbe4f5f

Added to database: 5/21/2025, 9:09:00 AM

Last enriched: 6/30/2025, 2:57:17 AM

Last updated: 8/11/2025, 6:23:43 PM
