-

CVE-2022-50636

EPSS 0.02%
Veröffentlicht 09.12.2025 00:00:09
Zuletzt bearbeitet 09.12.2025 18:37:13
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

PCI: Fix pci_device_is_present() for VFs by checking PF

pci_device_is_present() previously didn't work for VFs because it reads the
Vendor and Device ID, which are 0xffff for VFs, which looks like they
aren't present.  Check the PF instead.

Wei Gong reported that if virtio I/O is in progress when the driver is
unbound or "0" is written to /sys/.../sriov_numvfs, the virtio I/O
operation hangs, which may result in output like this:

  task:bash state:D stack:    0 pid: 1773 ppid:  1241 flags:0x00004002
  Call Trace:
   schedule+0x4f/0xc0
   blk_mq_freeze_queue_wait+0x69/0xa0
   blk_mq_freeze_queue+0x1b/0x20
   blk_cleanup_queue+0x3d/0xd0
   virtblk_remove+0x3c/0xb0 [virtio_blk]
   virtio_dev_remove+0x4b/0x80
   ...
   device_unregister+0x1b/0x60
   unregister_virtio_device+0x18/0x30
   virtio_pci_remove+0x41/0x80
   pci_device_remove+0x3e/0xb0

This happened because pci_device_is_present(VF) returned "false" in
virtio_pci_remove(), so it called virtio_break_device().  The broken vq
meant that vring_interrupt() skipped the vq.callback() that would have
completed the virtio I/O operation via virtblk_done().

[bhelgaas: commit log, simplify to always use pci_physfn(), add stable tag]

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < f4b44c7766dae2b8681f621941cabe9f14066d59

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 643d77fda08d06f863af35e80a7e517ea61d9629

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 65bd0962992abd42e77a05e68c7b40e7c73726d1

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 99ef6cc791584495987dd11b14769b450dfa5820

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 67fd41bbb0f51aa648a47f728b99e6f1fa2ccc34

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 81565e51ccaf6fff8910e997ee22e16b5e1dabc3

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 518573988a2f14f517403db2ece5ddaefba21e94

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 98b04dd0b4577894520493d96bc4623387767445

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version <= 4.14.*

Version 4.14.303

Status unaffected

Version <= 4.19.*

Version 4.19.270

Status unaffected

Version <= 5.4.*

Version 5.4.229

Status unaffected

Version <= 5.10.*

Version 5.10.163

Status unaffected

Version <= 5.15.*

Version 5.15.87

Status unaffected

Version <= 6.0.*

Version 6.0.18

Status unaffected

Version <= 6.1.*

Version 6.1.4

Status unaffected

Version <= *

Version 6.2

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.058

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/f4b44c7766dae2b8681f621941cabe9f14066d59

https://git.kernel.org/stable/c/643d77fda08d06f863af35e80a7e517ea61d9629

https://git.kernel.org/stable/c/65bd0962992abd42e77a05e68c7b40e7c73726d1

https://git.kernel.org/stable/c/99ef6cc791584495987dd11b14769b450dfa5820

https://git.kernel.org/stable/c/67fd41bbb0f51aa648a47f728b99e6f1fa2ccc34

https://git.kernel.org/stable/c/81565e51ccaf6fff8910e997ee22e16b5e1dabc3

https://git.kernel.org/stable/c/518573988a2f14f517403db2ece5ddaefba21e94

https://git.kernel.org/stable/c/98b04dd0b4577894520493d96bc4623387767445

https://nvd.nist.gov/vuln/detail/CVE-2022-50636

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50636

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50636

EUVD