Security readout for executives and security teams
Plain-English summary
CVE-2022-48916 is a Linux kernel bug that can crash affected systems during boot when Intel VMD and IOMMU scalable mode are enabled. The public record describes a kernel panic on an Eagle Stream/Sapphire Rapids server. This is mainly an availability risk for specific hardware configurations, not a broadly internet-exposed issue.
Executive priority
Treat this as a targeted reliability issue for affected Linux server hardware. Prioritize remediation on storage-heavy systems where boot failure or kernel panic could interrupt production. It is not currently supported as an actively exploited or remotely exposed threat in the provided sources.
Technical view
The issue is in Linux iommu/vt-d handling. When VMD is enabled with IOMMU scalable mode, VMD subdevices can be added twice to internal lists, triggering list_debug and a kernel BUG during PCI/IOMMU device setup. The CVE references stable kernel commits that resolve the double list_add condition.
Likely exposure
Exposure appears limited to Linux systems using Intel VMD, such as NVMe RAID/VMD configurations, with Intel VT-d IOMMU scalable mode enabled. The source example involves Sapphire Rapids/Eagle Stream hardware. Systems without this hardware or configuration are less likely to be affected.
Exploitation context
No active exploitation is indicated in the provided sources, and CISA KEV status is false. The described trigger occurs during boot or device discovery in a specific hardware/kernel configuration. The practical impact is denial of service through kernel panic, not documented remote code execution.
Researcher notes
Public details identify a boot-time crash path in intel_iommu_attach_device, iommu_group_add_device, and VMD PCI scanning. Severity, CVSS, and CWE are not provided. Affected-version metadata is limited, so distribution-specific advisories should be used for exact exposure decisions.
Mitigation direction
Check your Linux distribution or kernel vendor guidance for CVE-2022-48916.
Update to a kernel build that includes the referenced stable fixes.
Prioritize systems using Intel VMD with VT-d scalable mode enabled.
If patching is delayed, assess whether VMD or scalable mode is required.
Validation and detection
Inventory Linux servers using Intel VMD or NVMe RAID features.
Confirm whether IOMMU scalable mode is enabled on those systems.
Compare running kernel builds with vendor advisories for this CVE.
Review boot logs for RID2PASID failures, list_debug BUGs, or kernel panics.
Verify the relevant stable kernel fix commits are included.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2022-48916 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.