{"vulnerability": "CVE-2022-48916", "sightings": [{"uuid": "f5f2160b-dc62-424e-8140-fb4dc833e22d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48916", "type": "seen", "source": "https://t.me/cvedetector/3870", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-48916 - Intel VMD IOMMU Scalable Mode Double List Add Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-48916 \nPublished : Aug. 22, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \niommu/vt-d: Fix double list_add when enabling VMD in scalable mode  \n  \nWhen enabling VMD and IOMMU scalable mode, the following kernel panic  \ncall trace/kernel log is shown in Eagle Stream platform (Sapphire Rapids  \nCPU) during booting:  \n  \npci 0000:59:00.5: Adding to iommu group 42  \n...  \nvmd 0000:59:00.5: PCI host bridge to bus 10000:80  \npci 10000:80:01.0: [8086:352a] type 01 class 0x060400  \npci 10000:80:01.0: reg 0x10: [mem 0x00000000-0x0001ffff 64bit]  \npci 10000:80:01.0: enabling Extended Tags  \npci 10000:80:01.0: PME# supported from D0 D3hot D3cold  \npci 10000:80:01.0: DMAR: Setup RID2PASID failed  \npci 10000:80:01.0: Failed to add to iommu group 42: -16  \npci 10000:80:03.0: [8086:352b] type 01 class 0x060400  \npci 10000:80:03.0: reg 0x10: [mem 0x00000000-0x0001ffff 64bit]  \npci 10000:80:03.0: enabling Extended Tags  \npci 10000:80:03.0: PME# supported from D0 D3hot D3cold  \n------------[ cut here ]------------  \nkernel BUG at lib/list_debug.c:29!  \ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI  \nCPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.17.0-rc3+ #7  \nHardware name: Lenovo ThinkSystem SR650V3/SB27A86647, BIOS ESE101Y-1.00 01/13/2022  \nWorkqueue: events work_for_cpu_fn  \nRIP: 0010:__list_add_valid.cold+0x26/0x3f  \nCode: 9a 4a ab ff 4c 89 c1 48 c7 c7 40 0c d9 9e e8 b9 b1 fe ff 0f  \n      0b 48 89 f2 4c 89 c1 48 89 fe 48 c7 c7 f0 0c d9 9e e8 a2 b1  \n      fe ff  0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 98 0c d9  \n      9e e8 8b b1 fe  \nRSP: 0000:ff5ad434865b3a40 EFLAGS: 00010246  \nRAX: 0000000000000058 RBX: ff4d61160b74b880 RCX: ff4d61255e1fffa8  \nRDX: 0000000000000000 RSI: 00000000fffeffff RDI: ffffffff9fd34f20  \nRBP: ff4d611d8e245c00 R08: 0000000000000000 R09: ff5ad434865b3888  \nR10: ff5ad434865b3880 R11: ff4d61257fdc6fe8 R12: ff4d61160b74b8a0  \nR13: ff4d61160b74b8a0 R14: ff4d611d8e245c10 R15: ff4d611d8001ba70  \nFS:  0000000000000000(0000) GS:ff4d611d5ea00000(0000) knlGS:0000000000000000  \nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033  \nCR2: ff4d611fa1401000 CR3: 0000000aa0210001 CR4: 0000000000771ef0  \nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000  \nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400  \nPKRU: 55555554  \nCall Trace:  \n   \n intel_pasid_alloc_table+0x9c/0x1d0  \n dmar_insert_one_dev_info+0x423/0x540  \n ? device_to_iommu+0x12d/0x2f0  \n intel_iommu_attach_device+0x116/0x290  \n __iommu_attach_device+0x1a/0x90  \n iommu_group_add_device+0x190/0x2c0  \n __iommu_probe_device+0x13e/0x250  \n iommu_probe_device+0x24/0x150  \n iommu_bus_notifier+0x69/0x90  \n blocking_notifier_call_chain+0x5a/0x80  \n device_add+0x3db/0x7b0  \n ? arch_memremap_can_ram_remap+0x19/0x50  \n ? memremap+0x75/0x140  \n pci_device_add+0x193/0x1d0  \n pci_scan_single_device+0xb9/0xf0  \n pci_scan_slot+0x4c/0x110  \n pci_scan_child_bus_extend+0x3a/0x290  \n vmd_enable_domain.constprop.0+0x63e/0x820  \n vmd_probe+0x163/0x190  \n local_pci_probe+0x42/0x80  \n work_for_cpu_fn+0x13/0x20  \n process_one_work+0x1e2/0x3b0  \n worker_thread+0x1c4/0x3a0  \n ? rescuer_thread+0x370/0x370  \n kthread+0xc7/0xf0  \n ? kthread_complete_and_exit+0x20/0x20  \n ret_from_fork+0x1f/0x30  \n   \nModules linked in:  \n---[ end trace 0000000000000000 ]---  \n...  \nKernel panic - not syncing: Fatal exception  \nKernel Offset: 0x1ca00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)  \n---[ end Kernel panic - not syncing: Fatal exception ]---  \n  \nThe following 'lspci' output shows devices '10000:80:*' are subdevices of  \nthe VMD device 0000:59:00.5:  \n  \n  $ lspci  \n  ...  \n  0000:59:00.5 RAID bus controller: Intel Corporation Volume Management Device NVMe RAID Controller (rev 20)  \n  ...  \n  10000:80:01.0 PCI bridge: Intel Corporation Device 352a (rev 03)  \n  10000:80[...]", "creation_timestamp": "2024-08-22T05:08:51.000000Z"}]}