| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061817-CVE-2022-50137-c539@gregkh> Date: Wed, 18 Jun 2025 13:03:22 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50137: RDMA/irdma: Fix a window for use-after-free From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix a window for use-after-free During a destroy CQ an interrupt may cause processing of a CQE after CQ resources are freed by irdma_cq_free_rsrc(). Fix this by moving the call to irdma_cq_free_rsrc() after the irdma_sc_cleanup_ceqes(), which is called under the cq_lock. The Linux kernel CVE team has assigned CVE-2022-50137 to this issue. Affected and fixed versions =========================== Issue introduced in 5.14 with commit b48c24c2d710cf34810c555dcef883a3d35a9c08 and fixed in 5.15.61 with commit 92520864ef9f912f38b403d172a0ded020683d55 Issue introduced in 5.14 with commit b48c24c2d710cf34810c555dcef883a3d35a9c08 and fixed in 5.18.18 with commit 0abf2eef80295923b819ce89ff9edc1fe61be17c Issue introduced in 5.14 with commit b48c24c2d710cf34810c555dcef883a3d35a9c08 and fixed in 5.19.2 with commit 350ac793a03c8a30a3f2b27fc282cd1c67070763 Issue introduced in 5.14 with commit b48c24c2d710cf34810c555dcef883a3d35a9c08 and fixed in 6.0 with commit 8ecef7890b3aea78c8bbb501a4b5b8134367b821 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50137 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/infiniband/hw/irdma/verbs.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/92520864ef9f912f38b403d172a0ded020683d55 https://git.kernel.org/stable/c/0abf2eef80295923b819ce89ff9edc1fe61be17c https://git.kernel.org/stable/c/350ac793a03c8a30a3f2b27fc282cd1c67070763 https://git.kernel.org/stable/c/8ecef7890b3aea78c8bbb501a4b5b8134367b821
Powered by blists - more mailing lists