LiveActive security incident?Get immediate response
CVE Record

CVE-2022-48858: net/mlx5: Fix a race on command flush flow

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix a race on command flush flow Fix a refcount use after free warning due to a race on command entry. Such race occurs when one of the commands releases its last refcount and frees its index and entry while another process running command flush flow takes refcount to this command entry. The process which handles commands flush may see this command as needed to be flushed if the other process released its refcount but didn't release the index yet. Fix it by adding the needed spin lock. It fixes the following warning trace: refcount_t: addition on 0; use-after-free. WARNING: CPU: 11 PID: 540311 at lib/refcount.c:25 refcount_warn_saturate+0x80/0xe0 ... RIP: 0010:refcount_warn_saturate+0x80/0xe0 ... Call Trace: <TASK> mlx5_cmd_trigger_completions+0x293/0x340 [mlx5_core] mlx5_cmd_flush+0x3a/0xf0 [mlx5_core] enter_error_state+0x44/0x80 [mlx5_core] mlx5_fw_fatal_reporter_err_work+0x37/0xe0 [mlx5_core] process_one_work+0x1be/0x390 worker_thread+0x4d/0x3d0 ? rescuer_thread+0x350/0x350 kthread+0x141/0x160 ? set_kthread_struct+0x40/0x40 ret_from_fork+0x1f/0x30 </TASK>

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel flaw in the mlx5 network driver command cleanup path. A race can cause a command entry reference count to be taken after it reaches zero, producing a use-after-free warning. The public record does not provide CVSS, attacker prerequisites, or confirmed business impact.

Executive priority

Handle through normal kernel patch management unless critical workloads depend on mlx5 networking or logs show matching warnings. There is no cited active exploitation or severity score, but kernel use-after-free conditions deserve timely remediation on exposed production infrastructure.

Technical view

CVE-2022-48858 affects Linux net/mlx5. During command flush, one process may see a command entry as flushable after another released the last refcount but before its index is released. The fix adds required spin locking around this race. The trace involves mlx5_cmd_trigger_completions, mlx5_cmd_flush, and firmware fatal error handling.

Likely exposure

Exposure appears limited to Linux kernels in the listed affected versions or commit ranges where the mlx5_core driver path is present. The source bundle does not prove remote reachability, privilege requirements, or whether exploitation is practical beyond the reported kernel warning condition.

Exploitation context

No active exploitation is supported by the provided sources. The CVE is not marked KEV, and the bundle contains no public exploit report. Treat this as an official kernel correctness and stability issue with incomplete evidence about attacker-controlled impact.

Researcher notes

The source record describes a race in command flush handling, not an exploit primitive. Missing data includes CVSS, CWE, attacker path, and impact scope. Analysis should focus on commit diff review, affected branch mapping, distro backports, and reproducing the warning safely in a controlled test environment.

Mitigation direction

  • Update to a kernel or distro package containing the referenced stable fixes.
  • Check vendor or distribution advisories for backported mlx5 fixes.
  • Prioritize systems using mlx5_core or affected kernel branches.
  • Schedule reboot or driver reload according to normal kernel patch procedures.
  • Track the CVE for later CVSS or distro severity updates.

Validation and detection

  • Inventory Linux kernel versions against the affected version list.
  • Confirm whether mlx5_core is present in relevant server builds.
  • Review kernel changelogs for the named net/mlx5 fix.
  • Check kernel logs for matching refcount use-after-free warnings.
  • Verify patched kernels include one of the referenced stable commits.
Prepared
Confidence
medium
Sources
7

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2022-48858 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
6Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
CISA-ADPCISA ADP Vulnrichment
other:ssvc
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux073fff8102062cd675170ceb54d90da22fe7e668, 50b2412b7e7862c5af0cbf4b10d93bc5c712d021, 50b2412b7e7862c5af0cbf4b10d93bc5c712d021, 50b2412b7e7862c5af0cbf4b10d93bc5c712d021, 50b2412b7e7862c5af0cbf4b10d93bc5c712d021, da87ea137373689dec9d3fafa34a57787320a4b3unaffected
LinuxLinux5.9, 0, 5.4.185, 5.10.106, 5.15.29, 5.16.15, 5.17affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.