{
  "threat_severity" : "Moderate",
  "public_date" : "2025-06-18T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq",
    "id" : "2373671",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2373671"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nscsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq\nstorvsc_error_wq workqueue should not be marked as WQ_MEM_RECLAIM as it\ndoesn't need to make forward progress under memory pressure.  Marking this\nworkqueue as WQ_MEM_RECLAIM may cause deadlock while flushing a\nnon-WQ_MEM_RECLAIM workqueue.  In the current state it causes the following\nwarning:\n[   14.506347] ------------[ cut here ]------------\n[   14.506354] workqueue: WQ_MEM_RECLAIM storvsc_error_wq_0:storvsc_remove_lun is flushing !WQ_MEM_RECLAIM events_freezable_power_:disk_events_workfn\n[   14.506360] WARNING: CPU: 0 PID: 8 at <-snip->kernel/workqueue.c:2623 check_flush_dependency+0xb5/0x130\n[   14.506390] CPU: 0 PID: 8 Comm: kworker/u4:0 Not tainted 5.4.0-1086-azure #91~18.04.1-Ubuntu\n[   14.506391] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022\n[   14.506393] Workqueue: storvsc_error_wq_0 storvsc_remove_lun\n[   14.506395] RIP: 0010:check_flush_dependency+0xb5/0x130\n<-snip->\n[   14.506408] Call Trace:\n[   14.506412]  __flush_work+0xf1/0x1c0\n[   14.506414]  __cancel_work_timer+0x12f/0x1b0\n[   14.506417]  ? kernfs_put+0xf0/0x190\n[   14.506418]  cancel_delayed_work_sync+0x13/0x20\n[   14.506420]  disk_block_events+0x78/0x80\n[   14.506421]  del_gendisk+0x3d/0x2f0\n[   14.506423]  sr_remove+0x28/0x70\n[   14.506427]  device_release_driver_internal+0xef/0x1c0\n[   14.506428]  device_release_driver+0x12/0x20\n[   14.506429]  bus_remove_device+0xe1/0x150\n[   14.506431]  device_del+0x167/0x380\n[   14.506432]  __scsi_remove_device+0x11d/0x150\n[   14.506433]  scsi_remove_device+0x26/0x40\n[   14.506434]  storvsc_remove_lun+0x40/0x60\n[   14.506436]  process_one_work+0x209/0x400\n[   14.506437]  worker_thread+0x34/0x400\n[   14.506439]  kthread+0x121/0x140\n[   14.506440]  ? process_one_work+0x400/0x400\n[   14.506441]  ? kthread_park+0x90/0x90\n[   14.506443]  ret_from_fork+0x35/0x40\n[   14.506445] ---[ end trace 2d9633159fdc6ee7 ]---" ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-05-16T00:00:00Z",
    "advisory" : "RHSA-2023:2951",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-477.10.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-49986\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49986\nhttps://lore.kernel.org/linux-cve-announce/2025061823-CVE-2022-49986-d434@gregkh/T" ],
  "name" : "CVE-2022-49986",
  "csaw" : false
}