CVE-2022-48675

Published: May 3, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: IB/core: Fix a nested dead lock as part of ODP flow Fix a nested dead lock as part of ODP flow by using mmput_async(). From the below call trace [1] can see that calling mmput() once we have the umem_odp->umem_mutex locked as required by ib_umem_odp_map_dma_and_lock() might trigger in the same task the exit_mmap()->__mmu_notifier_release()->mlx5_ib_invalidate_range() which may dead lock when trying to lock the same mutex. Moving to use mmput_async() will solve the problem as the above exit_mmap() flow will be called in other task and will be executed once the lock will be available. [1] [64843.077665] task:kworker/u133:2 state:D stack: 0 pid:80906 ppid: 2 flags:0x00004000 [64843.077672] Workqueue: mlx5_ib_page_fault mlx5_ib_eqe_pf_action [mlx5_ib] [64843.077719] Call Trace: [64843.077722] <TASK> [64843.077724] __schedule+0x23d/0x590 [64843.077729] schedule+0x4e/0xb0 [64843.077735] schedule_preempt_disabled+0xe/0x10 [64843.077740] __mutex_lock.constprop.0+0x263/0x490 [64843.077747] __mutex_lock_slowpath+0x13/0x20 [64843.077752] mutex_lock+0x34/0x40 [64843.077758] mlx5_ib_invalidate_range+0x48/0x270 [mlx5_ib] [64843.077808] __mmu_notifier_release+0x1a4/0x200 [64843.077816] exit_mmap+0x1bc/0x200 [64843.077822] ? walk_page_range+0x9c/0x120 [64843.077828] ? __cond_resched+0x1a/0x50 [64843.077833] ? mutex_lock+0x13/0x40 [64843.077839] ? uprobe_clear_state+0xac/0x120 [64843.077860] mmput+0x5f/0x140 [64843.077867] ib_umem_odp_map_dma_and_lock+0x21b/0x580 [ib_core] [64843.077931] pagefault_real_mr+0x9a/0x140 [mlx5_ib] [64843.077962] pagefault_mr+0xb4/0x550 [mlx5_ib] [64843.077992] pagefault_single_data_segment.constprop.0+0x2ac/0x560 [mlx5_ib] [64843.078022] mlx5_ib_eqe_pf_action+0x528/0x780 [mlx5_ib] [64843.078051] process_one_work+0x22b/0x3d0 [64843.078059] worker_thread+0x53/0x410 [64843.078065] ? process_one_work+0x3d0/0x3d0 [64843.078073] kthread+0x12a/0x150 [64843.078079] ? set_kthread_struct+0x50/0x50 [64843.078085] ret_from_fork+0x22/0x30 [64843.078093] </TASK>

Vendor	Product	Versions
Linux	Linux	affected `36f30e486dce22345c2dd3a3ba439c12cd67f6ba - < e8de6cb5755eae7b793d8c00c8696c8667d44a7f` affected `36f30e486dce22345c2dd3a3ba439c12cd67f6ba - < 819110054b14d7272b4188db997a3d80f75ab785` affected `36f30e486dce22345c2dd3a3ba439c12cd67f6ba - < 83c43fd872e32c8071d5582eb7c40f573a8342f3` affected `36f30e486dce22345c2dd3a3ba439c12cd67f6ba - < 85eaeb5058f0f04dffb124c97c86b4f18db0b833`
Linux	Linux	affected `5.10` unaffected `0 - < 5.10` unaffected `5.10.143 - <= 5.10.` unaffected `5.15.68 - <= 5.15.` unaffected `5.19.9 - <= 5.19.*` +1 more versions

References

https://git.kernel.org/stable/c/e8de6cb5755eae7b793d8c00c8696c8667d44a7f

https://git.kernel.org/stable/c/819110054b14d7272b4188db997a3d80f75ab785

https://git.kernel.org/stable/c/83c43fd872e32c8071d5582eb7c40f573a8342f3

https://git.kernel.org/stable/c/85eaeb5058f0f04dffb124c97c86b4f18db0b833

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-48675

Description

Affected Products

References