CVE-2022-48840

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jul 16, 2024
Updated: Jul 17, 2024
CWE ID 835

Summary

CVE-2022-48840 is a vulnerability in the Linux kernel's iavf driver that can cause a hang during reboot or shutdown. A recent commit in the iavf driver introduced a wait-loop in iavf_remove() to ensure port initialization is finished before the net device is unregistered. However, this causes a regression when rebooting or shutting down: the loop never ends and the shutdown process hangs. The patch addresses this by checking the adapter's state at the beginning of iavf_remove() and skipping the rest of the function if the adapter is already in the remove state. The vulnerability can cause a system to freeze during the reboot process, as shown in the provided call trace.
