CVE-2022-49434: Vulnerability in Linux Linux

Medium
Published: Wed Feb 26 2025 (02/26/2025, 02:12:51 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()

The sysfs sriov_numvfs_store() path acquires the device lock before the config space access lock:

    sriov_numvfs_store
      device_lock                 # A (1) acquire device lock
      sriov_configure
        vfio_pci_sriov_configure  # (for example)
          vfio_pci_core_sriov_configure
            pci_disable_sriov
              sriov_disable
                pci_cfg_access_lock
                  pci_wait_cfg    # B (4) wait for dev->block_cfg_access == 0

Previously, pci_dev_lock() acquired the config space access lock before the device lock:

    pci_dev_lock
      pci_cfg_access_lock
        dev->block_cfg_access = 1 # B (2) set dev->block_cfg_access = 1
      device_lock                 # A (3) wait for device lock

Any path that uses pci_dev_lock(), e.g., pci_reset_function(), may deadlock with sriov_numvfs_store() if the operations occur in the sequence (1) (2) (3) (4).

Avoid the deadlock by reversing the order in pci_dev_lock() so it acquires the device lock before the config space access lock, the same as the sriov_numvfs_store() path.

[bhelgaas: combined and adapted commit log from Jay Zhou's independent subsequent posting: https://lore.kernel.org/r/20220404062539.1710-1-jianjay.zhou@huawei.com]

AI-Powered Analysis

Last updated: 06/30/2025, 07:11:50 UTC

Technical Analysis

CVE-2022-49434 is a concurrency vulnerability in the Linux kernel related to the locking order of PCI device locks during SR-IOV (Single Root I/O Virtualization) configuration. The issue arises from a potential deadlock condition between two kernel paths: the sysfs sriov_numvfs_store() function and the pci_dev_lock() function. Specifically, sriov_numvfs_store() acquires the device lock before the PCI config space access lock, while pci_dev_lock() previously acquired these locks in the reverse order (config space access lock before device lock). This inconsistent lock acquisition order can lead to a classic AB/BA deadlock scenario when these functions are invoked concurrently, causing the kernel to hang or stall. The deadlock occurs if one thread holds the device lock and waits for the config space lock, while another thread holds the config space lock and waits for the device lock. The vulnerability affects Linux kernel versions prior to the patch that reversed the lock acquisition order in pci_dev_lock() to match sriov_numvfs_store(), thereby preventing the deadlock. This issue specifically impacts PCI device management involving SR-IOV, which is commonly used in virtualization environments to provide virtual functions of a physical PCI device to multiple virtual machines. Exploitation of this vulnerability requires concurrent operations that trigger these lock acquisitions, potentially causing denial of service (DoS) by kernel deadlock. There is no indication of privilege escalation or data corruption, but system stability and availability can be severely affected. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
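
An added example (not kernel code and not from this advisory's authors): a small C model that explores every interleaving of the two lock sequences described above and reports whether both paths can end up blocked on each other. It assumes dev->block_cfg_access can be treated as a plain second lock; reach_deadlock, can_deadlock and the three path arrays are hypothetical names.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model: dev->block_cfg_access is treated as a second lock. */
enum lock_id { DEVICE_LOCK, CFG_ACCESS_LOCK };
#define STEPS 2  /* each path acquires two locks, then releases both */

/* Does a path at step pc still hold lock l? A finished path holds nothing. */
static bool holds(const enum lock_id *seq, int pc, enum lock_id l)
{
    if (pc >= STEPS)
        return false;
    for (int i = 0; i < pc; i++)
        if (seq[i] == l)
            return true;
    return false;
}

/* Explore every interleaving; true if some state leaves both paths blocked. */
static bool reach_deadlock(const enum lock_id *p0, int pc0,
                           const enum lock_id *p1, int pc1)
{
    bool run0 = pc0 < STEPS && !holds(p1, pc1, p0[pc0]);
    bool run1 = pc1 < STEPS && !holds(p0, pc0, p1[pc1]);

    if (pc0 < STEPS && pc1 < STEPS && !run0 && !run1)
        return true;  /* each path waits for a lock the other holds */
    return (run0 && reach_deadlock(p0, pc0 + 1, p1, pc1)) ||
           (run1 && reach_deadlock(p0, pc0, p1, pc1 + 1));
}

bool can_deadlock(const enum lock_id *p0, const enum lock_id *p1)
{
    return reach_deadlock(p0, 0, p1, 0);
}

/* sriov_numvfs_store(): device_lock (1), then pci_cfg_access_lock (4). */
const enum lock_id sriov_path[STEPS] = { DEVICE_LOCK, CFG_ACCESS_LOCK };
/* pci_dev_lock() before the fix: block_cfg_access (2), then device_lock (3). */
const enum lock_id old_pci_dev_lock[STEPS] = { CFG_ACCESS_LOCK, DEVICE_LOCK };
/* pci_dev_lock() after the fix: device lock first, same as the sysfs path. */
const enum lock_id new_pci_dev_lock[STEPS] = { DEVICE_LOCK, CFG_ACCESS_LOCK };

int main(void)
{
    printf("old order: %d\n", can_deadlock(sriov_path, old_pci_dev_lock));
    printf("new order: %d\n", can_deadlock(sriov_path, new_pci_dev_lock));
    return 0;
}
```

With the pre-fix order the search finds the state reached by steps (1) and (2), where neither path can take its second lock; with the post-fix order no such state is reachable.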

Potential Impact

For European organizations, especially those running Linux-based servers and virtualization platforms that utilize SR-IOV capable PCI devices (such as network interface cards in data centers and cloud environments), this vulnerability poses a risk of kernel deadlock leading to system hangs or crashes. This can result in denial of service conditions affecting critical infrastructure, cloud services, and enterprise applications. Organizations relying on Linux for virtualization, container orchestration, or high-performance networking may experience service interruptions or degraded performance. The impact is primarily on availability, with potential indirect effects on business continuity and operational efficiency. Since SR-IOV is widely used in telecom, finance, and cloud service providers, the vulnerability could affect sectors critical to European economies. However, exploitation requires specific concurrent operations and administrative privileges to trigger the deadlock, limiting the attack surface to privileged users or automated processes managing PCI device configurations.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should promptly apply the Linux kernel patches that reorder the lock acquisition in pci_dev_lock() to match sriov_numvfs_store(), thereby eliminating the deadlock condition. Kernel updates from trusted Linux distributions (e.g., Debian, Ubuntu, Red Hat, SUSE) should be monitored and deployed as soon as they include this fix. Additionally, organizations should audit and control access to sysfs interfaces related to SR-IOV configuration to restrict unprivileged or unauthorized users from triggering sriov_numvfs_store() operations. Implementing strict process and user privilege management around PCI device configuration tools can reduce the risk of accidental or malicious deadlock triggers. Monitoring kernel logs for deadlock symptoms and setting up alerting for system hangs can help in early detection. In environments where immediate patching is not feasible, temporarily disabling SR-IOV or limiting concurrent PCI device configuration operations may reduce exposure. Finally, thorough testing of kernel updates in staging environments is recommended to ensure stability before production deployment.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:08:31.570Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982ec4522896dcbe5a09

Added to database: 5/21/2025, 9:09:02 AM

Last enriched: 6/30/2025, 7:11:50 AM

Last updated: 7/27/2025, 12:41:10 AM
