{"id":"CVE-2022-49536","summary":"scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix SCSI I/O completion and abort handler deadlock\n\nDuring stress I/O tests with 500+ vports, hard LOCKUP call traces are\nobserved.\n\nCPU A:\n native_queued_spin_lock_slowpath+0x192\n _raw_spin_lock_irqsave+0x32\n lpfc_handle_fcp_err+0x4c6\n lpfc_fcp_io_cmd_wqe_cmpl+0x964\n lpfc_sli4_fp_handle_cqe+0x266\n __lpfc_sli4_process_cq+0x105\n __lpfc_sli4_hba_process_cq+0x3c\n lpfc_cq_poll_hdler+0x16\n irq_poll_softirq+0x76\n __softirqentry_text_start+0xe4\n irq_exit+0xf7\n do_IRQ+0x7f\n\nCPU B:\n native_queued_spin_lock_slowpath+0x5b\n _raw_spin_lock+0x1c\n lpfc_abort_handler+0x13e\n scmd_eh_abort_handler+0x85\n process_one_work+0x1a7\n worker_thread+0x30\n kthread+0x112\n ret_from_fork+0x1f\n\nDiagram of lockup:\n\nCPUA                            CPUB\n----                            ----\nlpfc_cmd-\u003ebuf_lock\n                            phba-\u003ehbalock\n                            lpfc_cmd-\u003ebuf_lock\nphba-\u003ehbalock\n\nFix by reordering the taking of the lpfc_cmd-\u003ebuf_lock and phba-\u003ehbalock in\nlpfc_abort_handler routine so that it tries to take the lpfc_cmd-\u003ebuf_lock\nfirst before phba-\u003ehbalock.","modified":"2026-04-02T08:27:41.058276Z","published":"2025-02-26T02:13:54.014Z","related":["SUSE-SU-2025:01600-1","SUSE-SU-2025:1027-1","SUSE-SU-2025:1176-1","SUSE-SU-2025:1183-1","SUSE-SU-2025:1194-1","SUSE-SU-2025:1241-1","SUSE-SU-2025:1263-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49536.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/03cbbd7c2f5ee288f648f4aeedc765a181188553"},{"type":"WEB","url":"https://git.kernel.org/stable/c/0c4eed901285b9cae36a622f32bea3e92490da6c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/21c0d469349957b5dc811c41200a2a998996ca8d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7625e81de2164a082810e1f27547d388406da610"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49536.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49536"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c2017260eea2db62e7bb1b7cbb1759f1d11ed067"},{"fixed":"7625e81de2164a082810e1f27547d388406da610"},{"fixed":"21c0d469349957b5dc811c41200a2a998996ca8d"},{"fixed":"0c4eed901285b9cae36a622f32bea3e92490da6c"},{"fixed":"03cbbd7c2f5ee288f648f4aeedc765a181188553"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49536.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}