FKIE_CVE-2022-50636

Vulnerability from fkie_nvd - Published: 2025-12-09 01:16 - Updated: 2025-12-09 18:37
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pci_device_is_present() for VFs by checking PF pci_device_is_present() previously didn't work for VFs because it reads the Vendor and Device ID, which are 0xffff for VFs, which looks like they aren't present. Check the PF instead. Wei Gong reported that if virtio I/O is in progress when the driver is unbound or "0" is written to /sys/.../sriov_numvfs, the virtio I/O operation hangs, which may result in output like this: task:bash state:D stack: 0 pid: 1773 ppid: 1241 flags:0x00004002 Call Trace: schedule+0x4f/0xc0 blk_mq_freeze_queue_wait+0x69/0xa0 blk_mq_freeze_queue+0x1b/0x20 blk_cleanup_queue+0x3d/0xd0 virtblk_remove+0x3c/0xb0 [virtio_blk] virtio_dev_remove+0x4b/0x80 ... device_unregister+0x1b/0x60 unregister_virtio_device+0x18/0x30 virtio_pci_remove+0x41/0x80 pci_device_remove+0x3e/0xb0 This happened because pci_device_is_present(VF) returned "false" in virtio_pci_remove(), so it called virtio_break_device(). The broken vq meant that vring_interrupt() skipped the vq.callback() that would have completed the virtio I/O operation via virtblk_done(). [bhelgaas: commit log, simplify to always use pci_physfn(), add stable tag]
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/518573988a2f14f517403db2ece5ddaefba21e94
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/643d77fda08d06f863af35e80a7e517ea61d9629
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/65bd0962992abd42e77a05e68c7b40e7c73726d1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/67fd41bbb0f51aa648a47f728b99e6f1fa2ccc34
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/81565e51ccaf6fff8910e997ee22e16b5e1dabc3
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/98b04dd0b4577894520493d96bc4623387767445
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/99ef6cc791584495987dd11b14769b450dfa5820
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f4b44c7766dae2b8681f621941cabe9f14066d59
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Fix pci_device_is_present() for VFs by checking PF\n\npci_device_is_present() previously didn\u0027t work for VFs because it reads the\nVendor and Device ID, which are 0xffff for VFs, which looks like they\naren\u0027t present.  Check the PF instead.\n\nWei Gong reported that if virtio I/O is in progress when the driver is\nunbound or \"0\" is written to /sys/.../sriov_numvfs, the virtio I/O\noperation hangs, which may result in output like this:\n\n  task:bash state:D stack:    0 pid: 1773 ppid:  1241 flags:0x00004002\n  Call Trace:\n   schedule+0x4f/0xc0\n   blk_mq_freeze_queue_wait+0x69/0xa0\n   blk_mq_freeze_queue+0x1b/0x20\n   blk_cleanup_queue+0x3d/0xd0\n   virtblk_remove+0x3c/0xb0 [virtio_blk]\n   virtio_dev_remove+0x4b/0x80\n   ...\n   device_unregister+0x1b/0x60\n   unregister_virtio_device+0x18/0x30\n   virtio_pci_remove+0x41/0x80\n   pci_device_remove+0x3e/0xb0\n\nThis happened because pci_device_is_present(VF) returned \"false\" in\nvirtio_pci_remove(), so it called virtio_break_device().  The broken vq\nmeant that vring_interrupt() skipped the vq.callback() that would have\ncompleted the virtio I/O operation via virtblk_done().\n\n[bhelgaas: commit log, simplify to always use pci_physfn(), add stable tag]"
    }
  ],
  "id": "CVE-2022-50636",
  "lastModified": "2025-12-09T18:37:13.640",
  "metrics": {},
  "published": "2025-12-09T01:16:45.850",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/518573988a2f14f517403db2ece5ddaefba21e94"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/643d77fda08d06f863af35e80a7e517ea61d9629"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/65bd0962992abd42e77a05e68c7b40e7c73726d1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/67fd41bbb0f51aa648a47f728b99e6f1fa2ccc34"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/81565e51ccaf6fff8910e997ee22e16b5e1dabc3"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/98b04dd0b4577894520493d96bc4623387767445"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/99ef6cc791584495987dd11b14769b450dfa5820"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f4b44c7766dae2b8681f621941cabe9f14066d59"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.