CVE-2022-49725

low-risk

Published 2025-02-26

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix call trace in setup_tx_descriptors After PF reset and ethtool -t there was call trace in dmesg sometimes leading to panic. When there was some time, around 5 seconds, between reset and test there were no errors. Problem was that pf reset calls i40e_vsi_close in prep_for_reset and ethtool -t calls i40e_vsi_close in diag_test. If there was not enough time between those commands the second i40e_vsi_close starts before previous i40e_vsi_close was done which leads to crash. Add check to diag_test if pf is in reset and don't start offline tests if it is true. Add netif_info("testing failed") into unhappy path of i40e_diag_test()

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (3)

Linux Kernel

Affected Vendors

Linux

References (7)

Patch https://git.kernel.org/stable/c/0a4e5a3dc5e41212870e6043895ae02455c93f63

Patch https://git.kernel.org/stable/c/15950157e2c24865b696db1c9ccc72743ae0e967

Patch https://git.kernel.org/stable/c/322271351b0e41565171e4cce70ea41854fac115

Patch https://git.kernel.org/stable/c/5ba9956ca57e361fb13ea369bb753eb33177acc7

Patch https://git.kernel.org/stable/c/814092927a215f5ca6c08249ec72a205e0b473cd

Patch https://git.kernel.org/stable/c/fd5855e6b1358e816710afee68a1d2bc685176ca

Patch https://git.kernel.org/stable/c/ff6e03fe84bc917bb0c907d02de668c2fe101712

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 9/34 · Low