CVE-2022-49158: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix warning message due to adisc being flushed Fix warning message due to adisc being flushed. Linux kernel triggered a warning message where a different error code type is not matching up with the expected type. Add additional translation of one error code type to another. WARNING: CPU: 2 PID: 1131623 at drivers/scsi/qla2xxx/qla_init.c:498 qla2x00_async_adisc_sp_done+0x294/0x2b0 [qla2xxx] CPU: 2 PID: 1131623 Comm: drmgr Not tainted 5.13.0-rc1-autotest #1 .. GPR28: c000000aaa9c8890 c0080000079ab678 c00000140a104800 c00000002bd19000 NIP [c00800000790857c] qla2x00_async_adisc_sp_done+0x294/0x2b0 [qla2xxx] LR [c008000007908578] qla2x00_async_adisc_sp_done+0x290/0x2b0 [qla2xxx] Call Trace: [c00000001cdc3620] [c008000007908578] qla2x00_async_adisc_sp_done+0x290/0x2b0 [qla2xxx] (unreliable) [c00000001cdc3710] [c0080000078f3080] __qla2x00_abort_all_cmds+0x1b8/0x580 [qla2xxx] [c00000001cdc3840] [c0080000078f589c] qla2x00_abort_all_cmds+0x34/0xd0 [qla2xxx] [c00000001cdc3880] [c0080000079153d8] qla2x00_abort_isp_cleanup+0x3f0/0x570 [qla2xxx] [c00000001cdc3920] [c0080000078fb7e8] qla2x00_remove_one+0x3d0/0x480 [qla2xxx] [c00000001cdc39b0] [c00000000071c274] pci_device_remove+0x64/0x120 [c00000001cdc39f0] [c0000000007fb818] device_release_driver_internal+0x168/0x2a0 [c00000001cdc3a30] [c00000000070e304] pci_stop_bus_device+0xb4/0x100 [c00000001cdc3a70] [c00000000070e4f0] pci_stop_and_remove_bus_device+0x20/0x40 [c00000001cdc3aa0] [c000000000073940] pci_hp_remove_devices+0x90/0x130 [c00000001cdc3b30] [c0080000070704d0] disable_slot+0x38/0x90 [rpaphp] [ c00000001cdc3b60] [c00000000073eb4c] power_write_file+0xcc/0x180 [c00000001cdc3be0] [c0000000007354bc] pci_slot_attr_store+0x3c/0x60 [c00000001cdc3c00] [c00000000055f820] sysfs_kf_write+0x60/0x80 [c00000001cdc3c20] [c00000000055df10] kernfs_fop_write_iter+0x1a0/0x290 [c00000001cdc3c70] [c000000000447c4c] new_sync_write+0x14c/0x1d0 [c00000001cdc3d10] [c00000000044b134] vfs_write+0x224/0x330 [c00000001cdc3d60] [c00000000044b3f4] ksys_write+0x74/0x130 [c00000001cdc3db0] [c00000000002df70] system_call_exception+0x150/0x2d0 [c00000001cdc3e10] [c00000000000d45c] system_call_common+0xec/0x278
AI Analysis
Technical Summary
CVE-2022-49158 is a vulnerability identified in the Linux kernel specifically within the qla2xxx SCSI driver, which is used for managing QLogic Fibre Channel Host Bus Adapters (HBAs). The issue arises from improper handling of error code translations during the processing of asynchronous ADISC (Address Discovery) responses. The vulnerability manifests as a kernel warning triggered when the driver encounters a mismatch between expected and actual error code types during the flushing of ADISC commands. This warning is generated in the function qla2x00_async_adisc_sp_done, which handles completion of asynchronous ADISC service parameters. The root cause is that the driver did not correctly translate one error code type to another, leading to a warning message and potentially unstable behavior. The call trace indicates that this can lead to aborting all commands and device removal sequences, which could cause disruptions in SCSI device operations. Although the vulnerability does not appear to allow direct code execution or privilege escalation, the improper error handling could lead to denial of service conditions by causing device resets or driver instability. The vulnerability affects Linux kernel versions including the 5.13.0-rc1-autotest and likely other versions using the vulnerable qla2xxx driver. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The fix involves adding additional translation logic for error codes to prevent the warning and ensure proper error handling.
Potential Impact
For European organizations, especially those relying on Linux servers with QLogic Fibre Channel HBAs for storage area networks (SANs), this vulnerability could cause intermittent disruptions or denial of service conditions. Such disruptions could affect critical storage access, impacting data availability and business continuity. Organizations in sectors with high dependency on SANs, such as finance, healthcare, telecommunications, and manufacturing, may experience operational impacts if their Linux systems use the affected driver. Although the vulnerability does not appear to allow unauthorized access or data breaches, the potential for device resets and command aborts could lead to service interruptions, degraded performance, or system instability. This is particularly relevant for data centers and cloud providers in Europe that deploy Linux-based infrastructure with QLogic HBAs. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to potential future exploitation or accidental triggering of the issue during normal operations.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions where the qla2xxx driver has been patched to correctly handle ADISC error code translations. Kernel upgrades should be tested in staging environments to ensure compatibility with existing storage infrastructure. Additionally, organizations should monitor system logs for warning messages related to qla2xxx and ADISC flushing, which may indicate attempts to trigger the vulnerability or underlying hardware issues. Implementing robust monitoring and alerting on SCSI driver warnings can help detect early signs of instability. For environments where immediate kernel updates are not feasible, consider isolating affected systems or limiting workloads that heavily depend on QLogic HBAs until patches can be applied. Engaging with hardware vendors for firmware updates or driver patches may also provide additional stability. Finally, maintaining regular backups and disaster recovery plans will mitigate the impact of any unexpected service disruptions caused by this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Poland
CVE-2022-49158: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix warning message due to adisc being flushed Fix warning message due to adisc being flushed. Linux kernel triggered a warning message where a different error code type is not matching up with the expected type. Add additional translation of one error code type to another. WARNING: CPU: 2 PID: 1131623 at drivers/scsi/qla2xxx/qla_init.c:498 qla2x00_async_adisc_sp_done+0x294/0x2b0 [qla2xxx] CPU: 2 PID: 1131623 Comm: drmgr Not tainted 5.13.0-rc1-autotest #1 .. GPR28: c000000aaa9c8890 c0080000079ab678 c00000140a104800 c00000002bd19000 NIP [c00800000790857c] qla2x00_async_adisc_sp_done+0x294/0x2b0 [qla2xxx] LR [c008000007908578] qla2x00_async_adisc_sp_done+0x290/0x2b0 [qla2xxx] Call Trace: [c00000001cdc3620] [c008000007908578] qla2x00_async_adisc_sp_done+0x290/0x2b0 [qla2xxx] (unreliable) [c00000001cdc3710] [c0080000078f3080] __qla2x00_abort_all_cmds+0x1b8/0x580 [qla2xxx] [c00000001cdc3840] [c0080000078f589c] qla2x00_abort_all_cmds+0x34/0xd0 [qla2xxx] [c00000001cdc3880] [c0080000079153d8] qla2x00_abort_isp_cleanup+0x3f0/0x570 [qla2xxx] [c00000001cdc3920] [c0080000078fb7e8] qla2x00_remove_one+0x3d0/0x480 [qla2xxx] [c00000001cdc39b0] [c00000000071c274] pci_device_remove+0x64/0x120 [c00000001cdc39f0] [c0000000007fb818] device_release_driver_internal+0x168/0x2a0 [c00000001cdc3a30] [c00000000070e304] pci_stop_bus_device+0xb4/0x100 [c00000001cdc3a70] [c00000000070e4f0] pci_stop_and_remove_bus_device+0x20/0x40 [c00000001cdc3aa0] [c000000000073940] pci_hp_remove_devices+0x90/0x130 [c00000001cdc3b30] [c0080000070704d0] disable_slot+0x38/0x90 [rpaphp] [ c00000001cdc3b60] [c00000000073eb4c] power_write_file+0xcc/0x180 [c00000001cdc3be0] [c0000000007354bc] pci_slot_attr_store+0x3c/0x60 [c00000001cdc3c00] [c00000000055f820] sysfs_kf_write+0x60/0x80 [c00000001cdc3c20] [c00000000055df10] kernfs_fop_write_iter+0x1a0/0x290 [c00000001cdc3c70] [c000000000447c4c] new_sync_write+0x14c/0x1d0 [c00000001cdc3d10] [c00000000044b134] vfs_write+0x224/0x330 [c00000001cdc3d60] [c00000000044b3f4] ksys_write+0x74/0x130 [c00000001cdc3db0] [c00000000002df70] system_call_exception+0x150/0x2d0 [c00000001cdc3e10] [c00000000000d45c] system_call_common+0xec/0x278
AI-Powered Analysis
Technical Analysis
CVE-2022-49158 is a vulnerability identified in the Linux kernel specifically within the qla2xxx SCSI driver, which is used for managing QLogic Fibre Channel Host Bus Adapters (HBAs). The issue arises from improper handling of error code translations during the processing of asynchronous ADISC (Address Discovery) responses. The vulnerability manifests as a kernel warning triggered when the driver encounters a mismatch between expected and actual error code types during the flushing of ADISC commands. This warning is generated in the function qla2x00_async_adisc_sp_done, which handles completion of asynchronous ADISC service parameters. The root cause is that the driver did not correctly translate one error code type to another, leading to a warning message and potentially unstable behavior. The call trace indicates that this can lead to aborting all commands and device removal sequences, which could cause disruptions in SCSI device operations. Although the vulnerability does not appear to allow direct code execution or privilege escalation, the improper error handling could lead to denial of service conditions by causing device resets or driver instability. The vulnerability affects Linux kernel versions including the 5.13.0-rc1-autotest and likely other versions using the vulnerable qla2xxx driver. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The fix involves adding additional translation logic for error codes to prevent the warning and ensure proper error handling.
Potential Impact
For European organizations, especially those relying on Linux servers with QLogic Fibre Channel HBAs for storage area networks (SANs), this vulnerability could cause intermittent disruptions or denial of service conditions. Such disruptions could affect critical storage access, impacting data availability and business continuity. Organizations in sectors with high dependency on SANs, such as finance, healthcare, telecommunications, and manufacturing, may experience operational impacts if their Linux systems use the affected driver. Although the vulnerability does not appear to allow unauthorized access or data breaches, the potential for device resets and command aborts could lead to service interruptions, degraded performance, or system instability. This is particularly relevant for data centers and cloud providers in Europe that deploy Linux-based infrastructure with QLogic HBAs. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to potential future exploitation or accidental triggering of the issue during normal operations.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions where the qla2xxx driver has been patched to correctly handle ADISC error code translations. Kernel upgrades should be tested in staging environments to ensure compatibility with existing storage infrastructure. Additionally, organizations should monitor system logs for warning messages related to qla2xxx and ADISC flushing, which may indicate attempts to trigger the vulnerability or underlying hardware issues. Implementing robust monitoring and alerting on SCSI driver warnings can help detect early signs of instability. For environments where immediate kernel updates are not feasible, consider isolating affected systems or limiting workloads that heavily depend on QLogic HBAs until patches can be applied. Engaging with hardware vendors for firmware updates or driver patches may also provide additional stability. Finally, maintaining regular backups and disaster recovery plans will mitigate the impact of any unexpected service disruptions caused by this vulnerability.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-02-26T01:49:39.276Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982dc4522896dcbe50b8
Added to database: 5/21/2025, 9:09:01 AM
Last enriched: 6/30/2025, 3:39:47 AM
Last updated: 8/5/2025, 10:23:11 AM
Views: 11
Related Threats
CVE-2025-8932: SQL Injection in 1000 Projects Sales Management System
MediumCVE-2025-8931: SQL Injection in code-projects Medical Store Management System
MediumCVE-2025-8930: SQL Injection in code-projects Medical Store Management System
MediumCVE-2025-50610: n/a
HighCVE-2025-50609: n/a
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.