| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022656-CVE-2022-49433-5ef1@gregkh> Date: Wed, 26 Feb 2025 03:11:47 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49433: RDMA/hfi1: Prevent use of lock before it is initialized Description =========== In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent use of lock before it is initialized If there is a failure during probe of hfi1 before the sdma_map_lock is initialized, the call to hfi1_free_devdata() will attempt to use a lock that has not been initialized. If the locking correctness validator is on then an INFO message and stack trace resembling the following may be seen: INFO: trying to register non-static key. The code is fine but needs lockdep annotation, or maybe you didn't initialize this object before use? turning off the locking correctness validator. Call Trace: register_lock_class+0x11b/0x880 __lock_acquire+0xf3/0x7930 lock_acquire+0xff/0x2d0 _raw_spin_lock_irq+0x46/0x60 sdma_clean+0x42a/0x660 [hfi1] hfi1_free_devdata+0x3a7/0x420 [hfi1] init_one+0x867/0x11a0 [hfi1] pci_device_probe+0x40e/0x8d0 The use of sdma_map_lock in sdma_clean() is for freeing the sdma_map memory, and sdma_map is not allocated/initialized until after sdma_map_lock has been initialized. This code only needs to be run if sdma_map is not NULL, and so checking for that condition will avoid trying to use the lock before it is initialized. The Linux kernel CVE team has assigned CVE-2022-49433 to this issue. Affected and fixed versions =========================== Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 4.19.247 with commit 66090815a24ce14cf51ef5453fc0218fe8a39bc2 Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 5.4.198 with commit addb192000d8819c0b1553453994df9bb54c28db Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 5.10.121 with commit fc0750e659db7b315bf6348902cc8ca3cdd4b8d8 Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 5.15.46 with commit ca55150bff5817af4f857a746ecab9862c23e12a Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 5.17.14 with commit 30eb275e7ed588270ae159cc590a96658e0cfd8f Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 5.18.3 with commit 288d198f50434f29b4a26a9de4394ae2305ad8af Issue introduced in 4.3 with commit 7724105686e718ac476a6ad3304fea2fbcfcffde and fixed in 5.19 with commit 05c03dfd09c069c4ffd783b47b2da5dcc9421f2c Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49433 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/infiniband/hw/hfi1/sdma.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/66090815a24ce14cf51ef5453fc0218fe8a39bc2 https://git.kernel.org/stable/c/addb192000d8819c0b1553453994df9bb54c28db https://git.kernel.org/stable/c/fc0750e659db7b315bf6348902cc8ca3cdd4b8d8 https://git.kernel.org/stable/c/ca55150bff5817af4f857a746ecab9862c23e12a https://git.kernel.org/stable/c/30eb275e7ed588270ae159cc590a96658e0cfd8f https://git.kernel.org/stable/c/288d198f50434f29b4a26a9de4394ae2305ad8af https://git.kernel.org/stable/c/05c03dfd09c069c4ffd783b47b2da5dcc9421f2c
Powered by blists - more mailing lists