{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49118", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T01:49:39.263Z", "datePublished": "2025-02-26T01:55:00.169Z", "dateUpdated": "2025-05-04T08:30:16.543Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:30:16.543Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Free irq vectors in order for v3 HW\n\nIf the driver probe fails to request the channel IRQ or fatal IRQ, the\ndriver will free the IRQ vectors before freeing the IRQs in free_irq(),\nand this will cause a kernel BUG like this:\n\n------------[ cut here ]------------\nkernel BUG at drivers/pci/msi.c:369!\nInternal error: Oops - BUG: 0 [#1] PREEMPT SMP\nCall trace:\n free_msi_irqs+0x118/0x13c\n pci_disable_msi+0xfc/0x120\n pci_free_irq_vectors+0x24/0x3c\n hisi_sas_v3_probe+0x360/0x9d0 [hisi_sas_v3_hw]\n local_pci_probe+0x44/0xb0\n work_for_cpu_fn+0x20/0x34\n process_one_work+0x1d0/0x340\n worker_thread+0x2e0/0x460\n kthread+0x180/0x190\n ret_from_fork+0x10/0x20\n---[ end trace b88990335b610c11 ]---\n\nSo we use devm_add_action() to control the order in which we free the\nvectors."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/hisi_sas/hisi_sas_v3_hw.c"], "versions": [{"version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b", "lessThan": "224903cc60d045576393c3b16907742f23e6c740", "status": "affected", "versionType": "git"}, {"version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b", "lessThan": "f05a0d8de2ea49af36821a20b0b501e20ced937e", "status": "affected", "versionType": "git"}, {"version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b", "lessThan": "8b6eab9d683bae7f88dc894b8c851f866032301c", "status": "affected", "versionType": "git"}, {"version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b", "lessThan": "b4cc04fa8f1fc3816c8494d77abab3f72b9d2292", "status": "affected", "versionType": "git"}, {"version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b", "lessThan": "554fb72ee34f4732c7f694f56c3c6e67790352a0", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/hisi_sas/hisi_sas_v3_hw.c"], "versions": [{"version": "4.5", "status": "affected"}, {"version": "0", "lessThan": "4.5", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.111", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.34", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.20", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.3", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "5.10.111"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "5.15.34"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "5.16.20"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "5.17.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "5.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/224903cc60d045576393c3b16907742f23e6c740"}, {"url": "https://git.kernel.org/stable/c/f05a0d8de2ea49af36821a20b0b501e20ced937e"}, {"url": "https://git.kernel.org/stable/c/8b6eab9d683bae7f88dc894b8c851f866032301c"}, {"url": "https://git.kernel.org/stable/c/b4cc04fa8f1fc3816c8494d77abab3f72b9d2292"}, {"url": "https://git.kernel.org/stable/c/554fb72ee34f4732c7f694f56c3c6e67790352a0"}], "title": "scsi: hisi_sas: Free irq vectors in order for v3 HW", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Free irq vectors in order for v3 HW\n\nIf the driver probe fails to request the channel IRQ or fatal IRQ, the\ndriver will free the IRQ vectors before freeing the IRQs in free_irq(),\nand this will cause a kernel BUG like this:\n\n------------[ cut here ]------------\nkernel BUG at drivers/pci/msi.c:369!\nInternal error: Oops - BUG: 0 [#1] PREEMPT SMP\nCall trace:\n free_msi_irqs+0x118/0x13c\n pci_disable_msi+0xfc/0x120\n pci_free_irq_vectors+0x24/0x3c\n hisi_sas_v3_probe+0x360/0x9d0 [hisi_sas_v3_hw]\n local_pci_probe+0x44/0xb0\n work_for_cpu_fn+0x20/0x34\n process_one_work+0x1d0/0x340\n worker_thread+0x2e0/0x460\n kthread+0x180/0x190\n ret_from_fork+0x10/0x20\n---[ end trace b88990335b610c11 ]---\n\nSo we use devm_add_action() to control the order in which we free the\nvectors."}], "id": "CVE-2022-49118", "lastModified": "2025-02-26T07:00:49.150", "metrics": {}, "published": "2025-02-26T07:00:49.150", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/224903cc60d045576393c3b16907742f23e6c740"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/554fb72ee34f4732c7f694f56c3c6e67790352a0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8b6eab9d683bae7f88dc894b8c851f866032301c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b4cc04fa8f1fc3816c8494d77abab3f72b9d2292"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f05a0d8de2ea49af36821a20b0b501e20ced937e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: scsi: hisi_sas: Free irq vectors in order for v3 HW", "id": "2347665", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347665"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-459", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nscsi: hisi_sas: Free irq vectors in order for v3 HW\nIf the driver probe fails to request the channel IRQ or fatal IRQ, the\ndriver will free the IRQ vectors before freeing the IRQs in free_irq(),\nand this will cause a kernel BUG like this:\n------------[ cut here ]------------\nkernel BUG at drivers/pci/msi.c:369!\nInternal error: Oops - BUG: 0 [#1] PREEMPT SMP\nCall trace:\nfree_msi_irqs+0x118/0x13c\npci_disable_msi+0xfc/0x120\npci_free_irq_vectors+0x24/0x3c\nhisi_sas_v3_probe+0x360/0x9d0 [hisi_sas_v3_hw]\nlocal_pci_probe+0x44/0xb0\nwork_for_cpu_fn+0x20/0x34\nprocess_one_work+0x1d0/0x340\nworker_thread+0x2e0/0x460\nkthread+0x180/0x190\nret_from_fork+0x10/0x20\n---[ end trace b88990335b610c11 ]---\nSo we use devm_add_action() to control the order in which we free the\nvectors."], "name": "CVE-2022-49118", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49118\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49118\nhttps://lore.kernel.org/linux-cve-announce/2025022603-CVE-2022-49118-e2fa@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-07-12T22:31:44.840509+00:00", "updated": "2025-07-12T22:31:44.840572+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}