CVE-2022-48835: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability has been discovered in the mpt3sas driver where a page fault occurs during reply queue processing. This issue (CVE-2022-48835) is caused by mpt3sasbasesyncreplyirqs() using an invalid replyq pointer outside of the listforeachentry() loop. The vulnerability was discovered in March 2022 and affects the SCSI subsystem of the Linux kernel (Kernel Git).

The vulnerability occurs when mpt3sasbasesyncreplyirqs() attempts to use a reply_q pointer that has become invalid after completing a list traversal. The issue manifests during LUN reset error paths, leading to a page fault when accessing memory at address 0x00000007fffc445d. The bug was introduced by commit 711a923c14d9 ("scsi: mpt3sas: Postprocessing of target and LUN reset") and triggers a kernel panic with a supervisor read access fault in kernel mode (Kernel Git).

When triggered, this vulnerability causes a kernel panic due to an invalid memory access, leading to system instability and potential denial of service. The issue specifically affects systems using the mpt3sas SCSI driver (Kernel Git).

The issue has been fixed by moving the baseprocessreplyqueue() call inside the listforeachentry() loop in mpt3sasbasesyncreplyirqs(). The fix ensures that the replyq pointer is only used while it remains valid within the loop context. Users should update to a patched version of the Linux kernel that includes this fix (Kernel Git).