CVE-2022-49156: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49156 affects the Linux kernel's qla2xxx SCSI driver. The vulnerability was discovered when the driver made calls into the midlayer (fcremoteport_delete) which could put the thread to sleep while in interrupt context, leading to a crash. This scheduling-while-atomic bug was fixed in the Linux kernel through a patch that schedules the call in non-interrupt context (Kernel Git).

The vulnerability occurs when the qla2xxx driver attempts to execute fcremoteportdelete while in interrupt context. This operation can trigger a sleep state, which is not allowed in interrupt context. The issue manifests as a scheduling-while-atomic bug, producing a kernel trace showing the crash path through various kernel functions including scheduletimeout, waitforcompletion, and _waitrcu_gp (Debian Tracker).

When triggered, this vulnerability causes a kernel crash, disrupting system operations. The crash occurs due to an attempt to schedule while in an atomic context, which violates kernel threading rules (Kernel Git).

The issue has been fixed by modifying the driver to schedule the fcremoteportdelete call in non-interrupt context using qltschedulesessfor_deletion. This fix has been incorporated into various Linux kernel versions (Kernel Git).