| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022637-CVE-2022-49321-6cf0@gregkh> Date: Wed, 26 Feb 2025 03:09:55 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49321: xprtrdma: treat all calls not a bcall when bc_serv is NULL Description =========== In the Linux kernel, the following vulnerability has been resolved: xprtrdma: treat all calls not a bcall when bc_serv is NULL When a rdma server returns a fault format reply, nfs v3 client may treats it as a bcall when bc service is not exist. The debug message at rpcrdma_bc_receive_call are, [56579.837169] RPC: rpcrdma_bc_receive_call: callback XID 00000001, length=20 [56579.837174] RPC: rpcrdma_bc_receive_call: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 After that, rpcrdma_bc_receive_call will meets NULL pointer as, [ 226.057890] BUG: unable to handle kernel NULL pointer dereference at 00000000000000c8 ... [ 226.058704] RIP: 0010:_raw_spin_lock+0xc/0x20 ... [ 226.059732] Call Trace: [ 226.059878] rpcrdma_bc_receive_call+0x138/0x327 [rpcrdma] [ 226.060011] __ib_process_cq+0x89/0x170 [ib_core] [ 226.060092] ib_cq_poll_work+0x26/0x80 [ib_core] [ 226.060257] process_one_work+0x1a7/0x360 [ 226.060367] ? create_worker+0x1a0/0x1a0 [ 226.060440] worker_thread+0x30/0x390 [ 226.060500] ? create_worker+0x1a0/0x1a0 [ 226.060574] kthread+0x116/0x130 [ 226.060661] ? kthread_flush_work_fn+0x10/0x10 [ 226.060724] ret_from_fork+0x35/0x40 ... The Linux kernel CVE team has assigned CVE-2022-49321 to this issue. Affected and fixed versions =========================== Fixed in 4.14.283 with commit 8e3943c50764dc7c5f25911970c3ff062ec1f18c Fixed in 4.19.247 with commit 998d35a2aff4b81a1c784f3aa45cd3afff6814c1 Fixed in 5.4.198 with commit da99331fa62131a38a0947a8204c5208de7b0454 Fixed in 5.10.122 with commit 8dbae5affbdbf524b48000f9d357925bb001e5f4 Fixed in 5.15.47 with commit a3fc8051ee061e31db13e2fe011e8e0b71a7f815 Fixed in 5.17.15 with commit 90c4f73104016748533a5707ecd15930fbeff402 Fixed in 5.18.4 with commit 91784f3d77b73885e1b2e6b59d3cbf0de0a1126a Fixed in 5.19 with commit 11270e7ca268e8d61b5d9e5c3a54bd1550642c9c Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49321 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/sunrpc/xprtrdma/rpc_rdma.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/8e3943c50764dc7c5f25911970c3ff062ec1f18c https://git.kernel.org/stable/c/998d35a2aff4b81a1c784f3aa45cd3afff6814c1 https://git.kernel.org/stable/c/da99331fa62131a38a0947a8204c5208de7b0454 https://git.kernel.org/stable/c/8dbae5affbdbf524b48000f9d357925bb001e5f4 https://git.kernel.org/stable/c/a3fc8051ee061e31db13e2fe011e8e0b71a7f815 https://git.kernel.org/stable/c/90c4f73104016748533a5707ecd15930fbeff402 https://git.kernel.org/stable/c/91784f3d77b73885e1b2e6b59d3cbf0de0a1126a https://git.kernel.org/stable/c/11270e7ca268e8d61b5d9e5c3a54bd1550642c9c
Powered by blists - more mailing lists