CVE-2022-49687

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49687
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49687.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49687
Related
Published
2025-02-26T07:01:43Z
Modified
2025-02-26T19:01:44.901638Z
Downstream
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

virtionet: fix xdprxq_info bug after suspend/resume

The following sequence currently causes a driver bug warning when using virtio_net:

# ip link set eth0 up # echo mem > /sys/power/state (or e.g. # rtcwake -s 10 -m mem) <resume> # ip link set eth0 down

Missing register, driver bug WARNING: CPU: 0 PID: 375 at net/core/xdp.c:138 xdprxqinfounreg+0x58/0x60 Call trace: xdprxqinfounreg+0x58/0x60 virtnetclose+0x58/0xac _devclosemany+0xac/0x140 _devchangeflags+0xd8/0x210 devchangeflags+0x24/0x64 dosetlink+0x230/0xdd0 ...

This happens because virtnetfreeze() frees the receivequeue completely (including struct xdprxqinfo) but does not call xdprxqinfounreg(). Similarly, virtnetrestore() sets up the receivequeue again but does not call xdprxqinforeg().

Actually, parts of virtnetfreezedown() and virtnetrestoreup() are almost identical to virtnetclose() and virtnetopen(): only the calls to xdprxqinfo(un)reg() are missing. This means that we can fix this easily and avoid such problems in the future by just calling virtnetclose()/open() from the freeze/restore handlers.

Aside from adding the missing xdprxqinfo calls the only difference is that the refill work is only cancelled if netif_running(). However, this should not make any functional difference since the refill work should only be active if the network interface is actually up.

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.127-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.18.14-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.18.14-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}