CVE-2022-49537: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49537 affects the Linux kernel's SCSI lpfc driver when CMF (Capability Management Framework) is enabled. The vulnerability was discovered when a call trace was observed during I/O operations, specifically related to improper usage of smpprocessorid() in preemptible code contexts (Kernel Git).

The vulnerability stems from the improper use of thiscpuptr() which calls smpprocessorid() in a preemptible context within the lpfc driver. The issue manifests in the lpfcupdatecmfcmd function, causing a bug when the system attempts to access per-CPU data structures. The call trace shows the error occurring in systemd-udevd process with PID 31711 on CPU 12, specifically in the lpfcupdatecmfcmd+0x214/0x420 [lpfc] function call chain (Kernel Git).

When exploited, this vulnerability can cause system instability and potential crashes due to improper CPU data structure access in preemptible code contexts. The issue specifically affects systems running the Linux kernel with the lpfc driver and CMF enabled (Ubuntu Security).

The issue has been fixed by replacing thiscpuptr() with percpuptr() using rawsmpprocessor_id() instead. This change ensures proper access to per-CPU data structures in preemptible contexts. The fix has been implemented in the kernel source code and is available through system updates (Kernel Git).