CVE-2022-49703: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49703 affects the Linux kernel's SCSI IBM Virtual Fibre Channel (ibmvfc) driver. The vulnerability was discovered when a back pointer from a queue to the vhost adapter wasn't set until after subcrq interrupt registration, leading to potential system crashes. The issue was particularly observed during kexec/kdump operations on Power 9 systems with legacy XICS interrupt controller (Kernel Patch).

The vulnerability stems from a timing issue where a pending subcrq interrupt from the previous kernel could be replayed immediately upon IRQ registration. This results in dereferencing a garbage backpointer in the ibmvfcinterruptscsi() function. The issue manifests as a NULL pointer dereference when reading at address 0x00000058, triggering a kernel crash. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 MEDIUM (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (NVD).

When exploited, this vulnerability can cause a system crash through a NULL pointer dereference, leading to a denial of service condition. This is particularly impactful during system operations like kexec/kdump on affected Power 9 systems (Kernel Patch).

The issue has been fixed by storing the vhost pointer during subcrq allocation. The fix involves setting the value when a queue is first allocated, which applies to primary and async queues as well as subcrqs. The patch has been merged into the Linux kernel (Kernel Patch).