CVE-2022-48864: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48864 affects the Linux kernel's vdpa/mlx5 component. The vulnerability was discovered when it was found that the control virtual queue (vq) lacked proper validation for VIRTIONETCTRLMQVQPAIRSSET command requests from drivers. Specifically, there was no validation against the number of queue pairs to configure, and the system did not verify if multiqueue had been negotiated (Kernel Commit).

The vulnerability exists in the Linux kernel's vdpa/mlx5 driver's handling of VIRTIONETCTRLMQVQPAIRSSET commands. When the control virtual queue receives this command request from a driver, the system failed to validate both the number of queue pairs to configure and whether multiqueue had been negotiated. The issue was introduced in commit 52893733f2c5 which added multiqueue support to vdpa/mlx5 (Kernel Commit).

This vulnerability could lead to a kernel panic due to uninitialized resources for the queues if a bogus request is sent by an untrusted driver. The impact is particularly severe because an untrusted driver could fake a multiqueue config request to a non-mq device, potentially causing system instability (Kernel Commit).

The issue has been fixed by adding proper validation checks for the VIRTIONETCTRLMQVQPAIRSSET command. The fix includes verifying if multiqueue had been negotiated using MLX5FEATURE(mvdev, VIRTIONETFMQ) and validating the number of queue pairs against minimum and maximum allowed values (Kernel Commit).