
CVE-2022-49217: Vulnerability in the Linux kernel (pm8001/pm80xx SCSI driver)

Severity: Medium (site rating; no CVSS score has been assigned to this CVE)
Published: Wed Feb 26 2025 (02/26/2025, 01:55:51 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: pm8001: Fix abort all task initialization

In pm80xx_send_abort_all(), the n_elem field of the ccb used is not initialized to 0. This missing initialization sometimes leads to the task completion path seeing the ccb with a non-zero n_elem resulting in the execution of invalid dma_unmap_sg() calls in pm8001_ccb_task_free(), causing a crash such as:

    [ 197.676341] RIP: 0010:iommu_dma_unmap_sg+0x6d/0x280
    [ 197.700204] RSP: 0018:ffff889bbcf89c88 EFLAGS: 00010012
    [ 197.705485] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff83d0bda0
    [ 197.712687] RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffff88810dffc0d0
    [ 197.719887] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff8881c790098b
    [ 197.727089] R10: ffffed1038f20131 R11: 0000000000000001 R12: 0000000000000000
    [ 197.734296] R13: ffff88810dffc0d0 R14: 0000000000000010 R15: 0000000000000000
    [ 197.741493] FS:  0000000000000000(0000) GS:ffff889bbcf80000(0000) knlGS:0000000000000000
    [ 197.749659] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [ 197.755459] CR2: 00007f16c1b42734 CR3: 0000000004814000 CR4: 0000000000350ee0
    [ 197.762656] Call Trace:
    [ 197.765127]  <IRQ>
    [ 197.767162]  pm8001_ccb_task_free+0x5f1/0x820 [pm80xx]
    [ 197.772364]  ? do_raw_spin_unlock+0x54/0x220
    [ 197.776680]  pm8001_mpi_task_abort_resp+0x2ce/0x4f0 [pm80xx]
    [ 197.782406]  process_oq+0xe85/0x7890 [pm80xx]
    [ 197.786817]  ? lock_acquire+0x194/0x490
    [ 197.790697]  ? handle_irq_event+0x10e/0x1b0
    [ 197.794920]  ? mpi_sata_completion+0x2d70/0x2d70 [pm80xx]
    [ 197.800378]  ? __wake_up_bit+0x100/0x100
    [ 197.804340]  ? lock_is_held_type+0x98/0x110
    [ 197.808565]  pm80xx_chip_isr+0x94/0x130 [pm80xx]
    [ 197.813243]  tasklet_action_common.constprop.0+0x24b/0x2f0
    [ 197.818785]  __do_softirq+0x1b5/0x82d
    [ 197.822485]  ? do_raw_spin_unlock+0x54/0x220
    [ 197.826799]  __irq_exit_rcu+0x17e/0x1e0
    [ 197.830678]  irq_exit_rcu+0xa/0x20
    [ 197.834114]  common_interrupt+0x78/0x90
    [ 197.840051]  </IRQ>
    [ 197.844236]  <TASK>
    [ 197.848397]  asm_common_interrupt+0x1e/0x40

Avoid this issue by always initializing the ccb n_elem field to 0 in pm8001_send_abort_all(), pm8001_send_read_log() and pm80xx_send_abort_all().

AI-Powered Analysis

Last updated: 06/30/2025, 04:25:40 UTC

Technical Analysis

CVE-2022-49217 is a flaw in the Linux kernel's pm8001 SCSI driver (kernel module pm80xx, which supports PMC-Sierra/Microsemi SAS and SATA host bus adapters). Each command the driver hands to the controller is tracked by a command control block (ccb). The ccb's n_elem field records how many scatter-gather entries were DMA-mapped for the command's data, and the completion path, pm8001_ccb_task_free(), calls dma_unmap_sg() whenever n_elem is non-zero. An "abort all" request carries no data, so its ccb should have n_elem set to 0, but pm80xx_send_abort_all() never initialized the field. The ccb could therefore reach completion carrying a non-zero n_elem, and pm8001_ccb_task_free() then issued a dma_unmap_sg() call for scatter-gather state that was never mapped for this request. The trace above shows the consequence: the oops lands in iommu_dma_unmap_sg(), reached from pm8001_ccb_task_free() via pm8001_mpi_task_abort_resp() and process_oq() inside the controller's interrupt tasklet (pm80xx_chip_isr()), i.e. in softirq context, where an oops brings down the whole host rather than a single process. The commit message describes the failure as intermittent ("sometimes"), which is what one expects from an uninitialized field whose value depends on the ccb's previous use. The fix is a one-line initialization in each affected function: n_elem is set to 0 in pm8001_send_abort_all(), pm8001_send_read_log() and pm80xx_send_abort_all(). The CVE record pins the affected kernel range to commit c6b9ef5779c3e1edfa9de949d2a51252bc347663; consult the record or your distribution's advisory for the kernel builds that carry the fix. No exploits are known in the wild and no CVSS score has been assigned. The abort-all request is issued by the driver itself while it handles certain device error completions, not on request from user space, so the practical effect is a denial of service (kernel crash) on systems whose SAS or SATA storage sits behind a pm80xx-driven controller, with no direct confidentiality or integrity impact.
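To make the failure mechanism concrete, the following is an added, simplified model written for this page; it is not the pm80xx driver's code. It reproduces the pattern the analysis describes: control blocks are drawn from a pool and reused, the completion path unmaps as many scatter-gather entries as n_elem claims, and a data-less abort-all request that does not reset n_elem inherits whatever count the block's previous user left behind. Every name here (struct ccb, ccb_task_free, send_abort_all, run_scenario, dma_unmap) is a hypothetical stand-in, and the assumption that the free path does not itself reset n_elem is part of this model, not a statement about the real driver.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the pm8001 ccb reuse pattern (added illustration, not driver code).
 * Assumption of the model: ccb_task_free() returns the block to the pool without
 * resetting n_elem, so a later user that does not initialize it sees a stale count. */

#define CCB_POOL_SIZE 4
#define MAX_SG 8

struct sg_entry {
    unsigned long dma_addr;
    bool mapped;             /* true while a DMA mapping exists for this entry */
};

struct ccb {
    bool in_use;
    int n_elem;              /* number of mapped sg entries; must be 0 for data-less requests */
    struct sg_entry sg[MAX_SG];
};

static struct ccb pool[CCB_POOL_SIZE];
static int invalid_unmaps;   /* unmap attempts on entries that were not mapped */

/* Hand out the first free block; blocks are recycled, so old field values survive. */
static struct ccb *ccb_alloc(void)
{
    for (int i = 0; i < CCB_POOL_SIZE; i++) {
        if (!pool[i].in_use) {
            pool[i].in_use = true;
            return &pool[i];
        }
    }
    return NULL;
}

/* Stand-in for dma_unmap_sg(): unmapping an entry that is not mapped is the invalid call. */
static void dma_unmap(struct sg_entry *e)
{
    if (!e->mapped)
        invalid_unmaps++;
    e->mapped = false;
}

/* Stand-in for pm8001_ccb_task_free(): unmap n_elem entries, return the block to the pool.
 * n_elem is deliberately left as-is (model assumption), which is what makes reuse unsafe. */
static void ccb_task_free(struct ccb *c)
{
    for (int i = 0; i < c->n_elem; i++)
        dma_unmap(&c->sg[i]);
    c->in_use = false;
}

/* A normal data command: maps nsg scatter-gather entries and records the count. */
static struct ccb *send_data_cmd(int nsg)
{
    struct ccb *c = ccb_alloc();
    for (int i = 0; i < nsg; i++) {
        c->sg[i].dma_addr = 0x1000UL * (unsigned long)(i + 1);  /* constructed address */
        c->sg[i].mapped = true;
    }
    c->n_elem = nsg;
    return c;
}

/* Abort-all: no data, so nothing is mapped. The buggy variant leaves n_elem untouched;
 * the fixed variant does what the patch does and sets it to 0. */
static struct ccb *send_abort_all(bool initialize_n_elem)
{
    struct ccb *c = ccb_alloc();
    if (initialize_n_elem)
        c->n_elem = 0;
    return c;
}

/* Scenario: a 3-entry data command completes and frees its block, then an abort-all
 * reuses the same block and its completion frees it. Returns the number of invalid
 * unmap calls made on the abort-all's completion path. */
int run_scenario(bool fixed)
{
    memset(pool, 0, sizeof(pool));
    invalid_unmaps = 0;

    struct ccb *data = send_data_cmd(3);
    ccb_task_free(data);                   /* sg entries unmapped; n_elem stays 3 in the block */

    struct ccb *abort = send_abort_all(fixed);
    ccb_task_free(abort);                  /* buggy: unmaps 3 entries that were never mapped for it */
    return invalid_unmaps;
}

int main(void)
{
    printf("buggy abort-all: %d invalid unmap calls\n", run_scenario(false));
    printf("fixed abort-all: %d invalid unmap calls\n", run_scenario(true));
    return 0;
}
```

Built with a plain cc -Wall, the buggy run reports 3 invalid unmap attempts and the fixed run 0. In the real driver the analogous call is dma_unmap_sg() on a task's scatter list, and that invalid call is what surfaced as the iommu_dma_unmap_sg() oops in the trace above.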

Potential Impact

For European organizations the impact of CVE-2022-49217 is availability. Linux servers whose SAS or SATA storage sits behind a pm80xx-driven controller can suffer an unexpected kernel crash, and because the oops occurs in interrupt context the whole host goes down, taking every service it runs with it. Data centers, cloud and hosting providers, and enterprises with storage-heavy workloads in sectors such as finance, healthcare, telecommunications and manufacturing are the most exposed. Confidentiality and integrity are not directly affected; the business impact is downtime and the operational fallout of an abrupt host crash. There is no remote vector: the faulty code runs only when the driver itself issues an abort-all during its own error handling, so an attacker would need local access and a way to provoke I/O errors on the affected controller. That limits deliberate triggering to insiders or already-compromised accounts, and makes the bug at least as likely to be hit by ordinary hardware faults as by an attacker.

Mitigation Recommendations

European organizations should deploy a kernel that includes the fix (the commit that initializes the ccb n_elem field in the three send functions), normally through the distribution's kernel update. Before that, identify the exposed hosts: the driver is the pm80xx module, so `lsmod | grep pm80xx` shows whether it is loaded and `ls /sys/bus/pci/drivers/pm80xx/` lists the PCI controllers bound to it; only hosts with a bound controller are at risk. Unloading the driver is a stopgap only where nothing important sits behind the controller; if the root or data filesystems are on that HBA, unloading is not an option and the kernel update is the only real fix. Watch kernel logs (dmesg, journalctl -k) for oopses whose call trace combines pm8001_ccb_task_free and iommu_dma_unmap_sg with pm8001_mpi_task_abort_resp, the signature in the trace above; such an oops means the bug is being hit, whether by a hardware fault or by someone provoking I/O errors. Because the crash happens in interrupt context, configure kdump so a vmcore is captured, and include crash-dump analysis in incident response procedures so the cause can be confirmed quickly. Limiting privileged local accounts reduces the chance of deliberate triggering, and tested backups plus high-availability configurations bound the downtime a crash can cause.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T01:49:39.292Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982dc4522896dcbe52dc

Added to database: 5/21/2025, 9:09:01 AM

Last updated: 7/29/2025, 2:52:09 AM