CVE-2022-49537

scsi: lpfc: Fix call trace observed during I/O with CMF enabled

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix call trace observed during I/O with CMF enabled The following was seen with CMF enabled: BUG: using smp_processor_id() in preemptible code: systemd-udevd/31711 kernel: caller is lpfc_update_cmf_cmd+0x214/0x420 [lpfc] kernel: CPU: 12 PID: 31711 Comm: systemd-udevd kernel: Call Trace: kernel: <TASK> kernel: dump_stack_lvl+0x44/0x57 kernel: check_preemption_disabled+0xbf/0xe0 kernel: lpfc_update_cmf_cmd+0x214/0x420 [lpfc] kernel: lpfc_nvme_fcp_io_submit+0x23b4/0x4df0 [lpfc] this_cpu_ptr() calls smp_processor_id() in a preemptible context. Fix by using per_cpu_ptr() with raw_smp_processor_id() instead.

N/A
CVSS
Severity:
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/ae373d66c427812754db5292eb1481b181daf9ce
https://git.kernel.org/stable/c/cd7f899de4b1b829125d72ee6fbfd878b637b815
https://git.kernel.org/stable/c/517e0835cfb2007713ff16c4fb8479f08b16aec7
https://git.kernel.org/stable/c/d6d45f67a11136cb88a70a29ab22ea6db8ae6bd5

Frequently Asked Questions

What is the severity of CVE-2022-49537?
CVE-2022-49537 has not yet been assigned a CVSS score.
How to fix CVE-2022-49537?
To fix CVE-2022-49537, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49537 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49537 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49537?
CVE-2022-49537 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.