CVE-2022-49155: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49155 affects the Linux kernel's qla2xxx driver, specifically in the qlacreateqpair() function. The vulnerability was discovered when a kernel complaint was observed during system operation, involving the use of smpprocessorid() in preemptible code context. This issue affects multiple versions of the Linux kernel, including versions from 4.14 through 5.17 (NVD).

The vulnerability manifests when the qla2xxx driver attempts to use smpprocessorid() in a preemptible code context within the qlacreateqpair() function. The issue was identified through a kernel bug report showing the improper use of smpprocessorid() in the systemd-udevd process. The CVSS v3.1 base score for this vulnerability is 5.5 (MEDIUM), with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to potential system instability when the qla2xxx driver is loaded and initialized. The issue occurs during device initialization and could affect system operations involving the QLogic Fibre Channel driver. The impact is primarily focused on availability, as indicated by the CVSS metrics showing no impact on confidentiality or integrity, but high impact on availability (NVD).

The vulnerability has been patched by replacing smpprocessorid() with rawsmpprocessorid() in the qlacpuupdate() function call within qlacreate_qpair(). This fix has been implemented across multiple kernel versions through various stable tree patches (Kernel Patch).