{
  "threat_severity" : "Moderate",
  "public_date" : "2025-03-27T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: VMCI: Use threaded irqs instead of tasklets",
    "id" : "2355497",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2355497"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-667",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nVMCI: Use threaded irqs instead of tasklets\nThe vmci_dispatch_dgs() tasklet function calls vmci_read_data()\nwhich uses wait_event() resulting in invalid sleep in an atomic\ncontext (and therefore potentially in a deadlock).\nUse threaded irqs to fix this issue and completely remove usage\nof tasklets.\n[   20.264639] BUG: sleeping function called from invalid context at drivers/misc/vmw_vmci/vmci_guest.c:145\n[   20.264643] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 762, name: vmtoolsd\n[   20.264645] preempt_count: 101, expected: 0\n[   20.264646] RCU nest depth: 0, expected: 0\n[   20.264647] 1 lock held by vmtoolsd/762:\n[   20.264648]  #0: ffff0000874ae440 (sk_lock-AF_VSOCK){+.+.}-{0:0}, at: vsock_connect+0x60/0x330 [vsock]\n[   20.264658] Preemption disabled at:\n[   20.264659] [<ffff80000151d7d8>] vmci_send_datagram+0x44/0xa0 [vmw_vmci]\n[   20.264665] CPU: 0 PID: 762 Comm: vmtoolsd Not tainted 5.19.0-0.rc8.20220727git39c3c396f813.60.fc37.aarch64 #1\n[   20.264667] Hardware name: VMware, Inc. VBSA/VBSA, BIOS VEFI 12/31/2020\n[   20.264668] Call trace:\n[   20.264669]  dump_backtrace+0xc4/0x130\n[   20.264672]  show_stack+0x24/0x80\n[   20.264673]  dump_stack_lvl+0x88/0xb4\n[   20.264676]  dump_stack+0x18/0x34\n[   20.264677]  __might_resched+0x1a0/0x280\n[   20.264679]  __might_sleep+0x58/0x90\n[   20.264681]  vmci_read_data+0x74/0x120 [vmw_vmci]\n[   20.264683]  vmci_dispatch_dgs+0x64/0x204 [vmw_vmci]\n[   20.264686]  tasklet_action_common.constprop.0+0x13c/0x150\n[   20.264688]  tasklet_action+0x40/0x50\n[   20.264689]  __do_softirq+0x23c/0x6b4\n[   20.264690]  __irq_exit_rcu+0x104/0x214\n[   20.264691]  irq_exit_rcu+0x1c/0x50\n[   20.264693]  el1_interrupt+0x38/0x6c\n[   20.264695]  el1h_64_irq_handler+0x18/0x24\n[   20.264696]  el1h_64_irq+0x68/0x6c\n[   20.264697]  preempt_count_sub+0xa4/0xe0\n[   20.264698]  _raw_spin_unlock_irqrestore+0x64/0xb0\n[   20.264701]  vmci_send_datagram+0x7c/0xa0 [vmw_vmci]\n[   20.264703]  vmci_datagram_dispatch+0x84/0x100 [vmw_vmci]\n[   20.264706]  vmci_datagram_send+0x2c/0x40 [vmw_vmci]\n[   20.264709]  vmci_transport_send_control_pkt+0xb8/0x120 [vmw_vsock_vmci_transport]\n[   20.264711]  vmci_transport_connect+0x40/0x7c [vmw_vsock_vmci_transport]\n[   20.264713]  vsock_connect+0x278/0x330 [vsock]\n[   20.264715]  __sys_connect_file+0x8c/0xc0\n[   20.264718]  __sys_connect+0x84/0xb4\n[   20.264720]  __arm64_sys_connect+0x2c/0x3c\n[   20.264721]  invoke_syscall+0x78/0x100\n[   20.264723]  el0_svc_common.constprop.0+0x68/0x124\n[   20.264724]  do_el0_svc+0x38/0x4c\n[   20.264725]  el0_svc+0x60/0x180\n[   20.264726]  el0t_64_sync_handler+0x11c/0x150\n[   20.264728]  el0t_64_sync+0x190/0x194" ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-22T00:00:00Z",
    "advisory" : "RHSA-2024:3138",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-49759\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49759\nhttps://lore.kernel.org/linux-cve-announce/2025032702-CVE-2022-49759-5392@gregkh/T" ],
  "name" : "CVE-2022-49759",
  "csaw" : false
}