{"id":"CVE-2022-49096","summary":"net: sfc: add missing xdp queue reinitialization","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sfc: add missing xdp queue reinitialization\n\nAfter rx/tx ring buffer size is changed, kernel panic occurs when\nit acts XDP_TX or XDP_REDIRECT.\n\nWhen tx/rx ring buffer size is changed(ethtool -G), sfc driver\nreallocates and reinitializes rx and tx queues and their buffer\n(tx_queue-\u003ebuffer).\nBut it misses reinitializing xdp queues(efx-\u003exdp_tx_queues).\nSo, while it is acting XDP_TX or XDP_REDIRECT, it uses the uninitialized\ntx_queue-\u003ebuffer.\n\nA new function efx_set_xdp_channels() is separated from efx_set_channels()\nto handle only xdp queues.\n\nSplat looks like:\n   BUG: kernel NULL pointer dereference, address: 000000000000002a\n   #PF: supervisor write access in kernel mode\n   #PF: error_code(0x0002) - not-present page\n   PGD 0 P4D 0\n   Oops: 0002 [#4] PREEMPT SMP NOPTI\n   RIP: 0010:efx_tx_map_chunk+0x54/0x90 [sfc]\n   CPU: 2 PID: 0 Comm: swapper/2 Tainted: G      D           5.17.0+ #55 e8beeee8289528f11357029357cf\n   Code: 48 8b 8d a8 01 00 00 48 8d 14 52 4c 8d 2c d0 44 89 e0 48 85 c9 74 0e 44 89 e2 4c 89 f6 48 80\n   RSP: 0018:ffff92f121e45c60 EFLAGS: 00010297\n   RIP: 0010:efx_tx_map_chunk+0x54/0x90 [sfc]\n   RAX: 0000000000000040 RBX: ffff92ea506895c0 RCX: ffffffffc0330870\n   RDX: 0000000000000001 RSI: 00000001139b10ce RDI: ffff92ea506895c0\n   RBP: ffffffffc0358a80 R08: 00000001139b110d R09: 0000000000000000\n   R10: 0000000000000001 R11: ffff92ea414c0088 R12: 0000000000000040\n   R13: 0000000000000018 R14: 00000001139b10ce R15: ffff92ea506895c0\n   FS:  0000000000000000(0000) GS:ffff92f121ec0000(0000) knlGS:0000000000000000\n   CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n   Code: 48 8b 8d a8 01 00 00 48 8d 14 52 4c 8d 2c d0 44 89 e0 48 85 c9 74 0e 44 89 e2 4c 89 f6 48 80\n   CR2: 000000000000002a CR3: 00000003e6810004 CR4: 00000000007706e0\n   RSP: 0018:ffff92f121e85c60 EFLAGS: 00010297\n   PKRU: 55555554\n   RAX: 0000000000000040 RBX: ffff92ea50689700 RCX: ffffffffc0330870\n   RDX: 0000000000000001 RSI: 00000001145a90ce RDI: ffff92ea50689700\n   RBP: ffffffffc0358a80 R08: 00000001145a910d R09: 0000000000000000\n   R10: 0000000000000001 R11: ffff92ea414c0088 R12: 0000000000000040\n   R13: 0000000000000018 R14: 00000001145a90ce R15: ffff92ea50689700\n   FS:  0000000000000000(0000) GS:ffff92f121e80000(0000) knlGS:0000000000000000\n   CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n   CR2: 000000000000002a CR3: 00000003e6810005 CR4: 00000000007706e0\n   PKRU: 55555554\n   Call Trace:\n    \u003cIRQ\u003e\n    efx_xdp_tx_buffers+0x12b/0x3d0 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]\n    __efx_rx_packet+0x5c3/0x930 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]\n    efx_rx_packet+0x28c/0x2e0 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]\n    efx_ef10_ev_process+0x5f8/0xf40 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]\n    ? enqueue_task_fair+0x95/0x550\n    efx_poll+0xc4/0x360 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]","modified":"2026-04-02T08:27:18.052137Z","published":"2025-02-26T01:54:49.108Z","related":["SUSE-SU-2025:1027-1","SUSE-SU-2025:1176-1","SUSE-SU-2025:1183-1","SUSE-SU-2025:1241-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49096.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/059a47f1da93811d37533556d67e72f2261b1127"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b8c46bc358d84701e7f7ffa054037db25f25da0e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dcc85e1593686e42c6749ef3d356db34759d59e8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ed7a824fda8732578d1014fad1f7fb0363705090"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49096.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49096"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"3990a8fffbdad5765f47ea593f9de66c91762059"},{"fixed":"ed7a824fda8732578d1014fad1f7fb0363705090"},{"fixed":"b8c46bc358d84701e7f7ffa054037db25f25da0e"},{"fixed":"dcc85e1593686e42c6749ef3d356db34759d59e8"},{"fixed":"059a47f1da93811d37533556d67e72f2261b1127"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49096.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}