CVE-2022-49606: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix sleep from invalid context BUG Taking the qos_mutex to process RoCEv2 QP's on netdev events causes a kernel splat. Fix this by removing the handling for RoCEv2 in irdma_cm_teardown_connections that uses the mutex. This handling is only needed for iWARP to avoid having connections established while the link is down or having connections remain functional after the IP address is removed. BUG: sleeping function called from invalid context at kernel/locking/mutex. Call Trace: kernel: dump_stack+0x66/0x90 kernel: ___might_sleep.cold.92+0x8d/0x9a kernel: mutex_lock+0x1c/0x40 kernel: irdma_cm_teardown_connections+0x28e/0x4d0 [irdma] kernel: ? check_preempt_curr+0x7a/0x90 kernel: ? select_idle_sibling+0x22/0x3c0 kernel: ? select_task_rq_fair+0x94c/0xc90 kernel: ? irdma_exec_cqp_cmd+0xc27/0x17c0 [irdma] kernel: ? __wake_up_common+0x7a/0x190 kernel: irdma_if_notify+0x3cc/0x450 [irdma] kernel: ? sched_clock_cpu+0xc/0xb0 kernel: irdma_inet6addr_event+0xc6/0x150 [irdma]
AI Analysis
Technical Summary
CVE-2022-49606 is a vulnerability identified in the Linux kernel specifically related to the RDMA (Remote Direct Memory Access) subsystem, more precisely the iRDMA driver component handling RoCEv2 (RDMA over Converged Ethernet version 2) queue pairs (QPs) on network device events. The vulnerability arises from improper handling of the qos_mutex lock during teardown of RoCEv2 connections. The kernel code attempts to acquire a mutex lock in an invalid context where sleeping is not allowed, leading to a kernel BUG triggered by a sleeping function call from an invalid context. This results in a kernel panic or 'kernel splat,' causing a denial of service (DoS) condition. The root cause is that the iRDMA driver incorrectly applies connection teardown logic meant for iWARP (Internet Wide Area RDMA Protocol) to RoCEv2 connections, which do not require this mutex handling. The fix involves removing the mutex-based handling for RoCEv2 in the irdma_cm_teardown_connections function, preventing the kernel from attempting to sleep in atomic contexts. This vulnerability affects Linux kernel versions containing the affected iRDMA code prior to the patch and can cause system instability or crashes when network events related to RoCEv2 QPs occur. There are no known exploits in the wild currently, and no CVSS score has been assigned yet. The vulnerability impacts kernel stability and availability but does not directly expose confidentiality or integrity risks. The issue is technical and specific to environments using RDMA over Ethernet with the iRDMA driver, which is common in high-performance computing and data center environments.
Potential Impact
For European organizations, particularly those operating data centers, cloud infrastructure, or high-performance computing clusters using Linux servers with RDMA capabilities, this vulnerability poses a risk of unexpected kernel crashes leading to denial of service. This can disrupt critical services, degrade system availability, and cause operational downtime. Industries such as telecommunications, financial services, research institutions, and cloud service providers that rely on RDMA for low-latency, high-throughput networking may experience service interruptions. Although the vulnerability does not directly compromise data confidentiality or integrity, the resulting system instability can impact business continuity and service level agreements. Additionally, recovery from kernel panics may require manual intervention or system reboots, increasing operational costs and potential data loss in volatile memory. Since RDMA is often used in clustered storage and database environments, the vulnerability could indirectly affect data availability and performance. European organizations with stringent uptime requirements and regulatory compliance obligations (e.g., GDPR mandates on service availability) need to address this vulnerability promptly to avoid operational and reputational damage.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address CVE-2022-49606 as soon as they are released and tested in your environment. Monitor Linux kernel mailing lists and vendor advisories for updated kernel versions containing the fix. 2. For environments where immediate patching is not feasible, consider disabling the iRDMA driver or RoCEv2 support temporarily if RDMA functionality is not critical, to prevent triggering the vulnerability. 3. Implement robust monitoring of kernel logs and system stability to detect early signs of kernel panics or mutex-related errors associated with the iRDMA driver. 4. Use kernel live patching technologies where supported to apply fixes without requiring full system reboots, minimizing downtime. 5. Review and harden network device event handling and RDMA configuration to ensure that only trusted and necessary RDMA connections are established, reducing exposure. 6. Maintain up-to-date backups and disaster recovery plans to mitigate the impact of potential service disruptions caused by kernel crashes. 7. Engage with Linux distribution vendors for backported patches and support, especially for enterprise Linux distributions commonly used in Europe.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland, Belgium, Italy
CVE-2022-49606: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix sleep from invalid context BUG Taking the qos_mutex to process RoCEv2 QP's on netdev events causes a kernel splat. Fix this by removing the handling for RoCEv2 in irdma_cm_teardown_connections that uses the mutex. This handling is only needed for iWARP to avoid having connections established while the link is down or having connections remain functional after the IP address is removed. BUG: sleeping function called from invalid context at kernel/locking/mutex. Call Trace: kernel: dump_stack+0x66/0x90 kernel: ___might_sleep.cold.92+0x8d/0x9a kernel: mutex_lock+0x1c/0x40 kernel: irdma_cm_teardown_connections+0x28e/0x4d0 [irdma] kernel: ? check_preempt_curr+0x7a/0x90 kernel: ? select_idle_sibling+0x22/0x3c0 kernel: ? select_task_rq_fair+0x94c/0xc90 kernel: ? irdma_exec_cqp_cmd+0xc27/0x17c0 [irdma] kernel: ? __wake_up_common+0x7a/0x190 kernel: irdma_if_notify+0x3cc/0x450 [irdma] kernel: ? sched_clock_cpu+0xc/0xb0 kernel: irdma_inet6addr_event+0xc6/0x150 [irdma]
AI-Powered Analysis
Technical Analysis
CVE-2022-49606 is a vulnerability identified in the Linux kernel specifically related to the RDMA (Remote Direct Memory Access) subsystem, more precisely the iRDMA driver component handling RoCEv2 (RDMA over Converged Ethernet version 2) queue pairs (QPs) on network device events. The vulnerability arises from improper handling of the qos_mutex lock during teardown of RoCEv2 connections. The kernel code attempts to acquire a mutex lock in an invalid context where sleeping is not allowed, leading to a kernel BUG triggered by a sleeping function call from an invalid context. This results in a kernel panic or 'kernel splat,' causing a denial of service (DoS) condition. The root cause is that the iRDMA driver incorrectly applies connection teardown logic meant for iWARP (Internet Wide Area RDMA Protocol) to RoCEv2 connections, which do not require this mutex handling. The fix involves removing the mutex-based handling for RoCEv2 in the irdma_cm_teardown_connections function, preventing the kernel from attempting to sleep in atomic contexts. This vulnerability affects Linux kernel versions containing the affected iRDMA code prior to the patch and can cause system instability or crashes when network events related to RoCEv2 QPs occur. There are no known exploits in the wild currently, and no CVSS score has been assigned yet. The vulnerability impacts kernel stability and availability but does not directly expose confidentiality or integrity risks. The issue is technical and specific to environments using RDMA over Ethernet with the iRDMA driver, which is common in high-performance computing and data center environments.
Potential Impact
For European organizations, particularly those operating data centers, cloud infrastructure, or high-performance computing clusters using Linux servers with RDMA capabilities, this vulnerability poses a risk of unexpected kernel crashes leading to denial of service. This can disrupt critical services, degrade system availability, and cause operational downtime. Industries such as telecommunications, financial services, research institutions, and cloud service providers that rely on RDMA for low-latency, high-throughput networking may experience service interruptions. Although the vulnerability does not directly compromise data confidentiality or integrity, the resulting system instability can impact business continuity and service level agreements. Additionally, recovery from kernel panics may require manual intervention or system reboots, increasing operational costs and potential data loss in volatile memory. Since RDMA is often used in clustered storage and database environments, the vulnerability could indirectly affect data availability and performance. European organizations with stringent uptime requirements and regulatory compliance obligations (e.g., GDPR mandates on service availability) need to address this vulnerability promptly to avoid operational and reputational damage.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address CVE-2022-49606 as soon as they are released and tested in your environment. Monitor Linux kernel mailing lists and vendor advisories for updated kernel versions containing the fix. 2. For environments where immediate patching is not feasible, consider disabling the iRDMA driver or RoCEv2 support temporarily if RDMA functionality is not critical, to prevent triggering the vulnerability. 3. Implement robust monitoring of kernel logs and system stability to detect early signs of kernel panics or mutex-related errors associated with the iRDMA driver. 4. Use kernel live patching technologies where supported to apply fixes without requiring full system reboots, minimizing downtime. 5. Review and harden network device event handling and RDMA configuration to ensure that only trusted and necessary RDMA connections are established, reducing exposure. 6. Maintain up-to-date backups and disaster recovery plans to mitigate the impact of potential service disruptions caused by kernel crashes. 7. Engage with Linux distribution vendors for backported patches and support, especially for enterprise Linux distributions commonly used in Europe.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-02-26T02:21:30.417Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982cc4522896dcbe45e9
Added to database: 5/21/2025, 9:09:00 AM
Last enriched: 6/29/2025, 11:11:41 PM
Last updated: 8/17/2025, 9:47:34 AM
Views: 11
Related Threats
CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumCVE-2025-54759: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.