CVE-2022-49925

Summary

In the Linux kernel, the following vulnerability has been resolved:

RDMA/core: Fix null-ptr-deref in ib_core_cleanup()

KASAN reported a null-ptr-deref error:

KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] CPU: 1 PID: 379 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:destroy_workqueue+0x2f/0x740 RSP: 0018:ffff888016137df8 EFLAGS: 00000202 … Call Trace: ib_core_cleanup+0xa/0xa1 [ib_core] __do_sys_delete_module.constprop.0+0x34f/0x5b0 do_syscall_64+0x3a/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fa1a0d221b7 …

It is because the fail of roce_gid_mgmt_init() is ignored:

ib_core_init() roce_gid_mgmt_init() gid_cache_wq = alloc_ordered_workqueue # fail … ib_core_cleanup() roce_gid_mgmt_cleanup() destroy_workqueue(gid_cache_wq) # destroy an unallocated wq

Fix this by catching the fail of roce_gid_mgmt_init() in ib_core_init().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux03db3a2d81e6e84f3ed3cb9e087cae17d762642b < af8fb5a0600e9ae29950e9422a032c3c22649ee5affected
LinuxLinux03db3a2d81e6e84f3ed3cb9e087cae17d762642b < d360e875c011a005628525bf290322058927e7dcaffected
LinuxLinux03db3a2d81e6e84f3ed3cb9e087cae17d762642b < 6b3d5dcb12347f3518308c2c9d2cf72453a3e1e5affected
LinuxLinux03db3a2d81e6e84f3ed3cb9e087cae17d762642b < ab817f75e5e0fa58d9be0825da6a7b7d8a1fa1d9affected
LinuxLinux03db3a2d81e6e84f3ed3cb9e087cae17d762642b < 07c0d131cc0fe1f3981a42958fc52d573d303d89affected
LinuxLinux4.3affected
LinuxLinux0 < 4.3unaffected
LinuxLinux5.4.224 <= 5.4.*unaffected
LinuxLinux5.10.154 <= 5.10.*unaffected
LinuxLinux5.15.78 <= 5.15.*unaffected
LinuxLinux6.0.8 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References