| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120946-CVE-2022-50671-e025@gregkh> Date: Tue, 9 Dec 2025 10:30:56 +0900 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50671: RDMA/rxe: Fix "kernel NULL pointer dereference" error From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix "kernel NULL pointer dereference" error When rxe_queue_init in the function rxe_qp_init_req fails, both qp->req.task.func and qp->req.task.arg are not initialized. Because of creation of qp fails, the function rxe_create_qp will call rxe_qp_do_cleanup to handle allocated resource. Before calling __rxe_do_task, both qp->req.task.func and qp->req.task.arg should be checked. The Linux kernel CVE team has assigned CVE-2022-50671 to this issue. Affected and fixed versions =========================== Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 4.9.331 with commit 48cd7098e71735ccafa0b3cf27c53924f9cb5b2f Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 4.14.296 with commit eca119693010032d6cc6e7e9b4fb2c363c7e12ce Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 4.19.262 with commit 9c5dd6993c794703e74c6ba17ac78ca0211ef940 Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 5.4.220 with commit 0d773c58d702f0a7c16ee8d69617fd2c28350795 Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 5.10.150 with commit cdce36a88def550773142a34ef727a830cad96a8 Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 5.15.75 with commit f2f405af70e6f0419e718d23fa304798a5405c41 Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 5.19.17 with commit bb33fa65da77f5f02dbee6f25cebaeedfcd70028 Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 6.0.3 with commit 3b8752f086eb6865cc3662ad13249b03024501e5 Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 6.1 with commit a625ca30eff806395175ebad3ac1399014bdb280 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50671 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/infiniband/sw/rxe/rxe_qp.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/48cd7098e71735ccafa0b3cf27c53924f9cb5b2f https://git.kernel.org/stable/c/eca119693010032d6cc6e7e9b4fb2c363c7e12ce https://git.kernel.org/stable/c/9c5dd6993c794703e74c6ba17ac78ca0211ef940 https://git.kernel.org/stable/c/0d773c58d702f0a7c16ee8d69617fd2c28350795 https://git.kernel.org/stable/c/cdce36a88def550773142a34ef727a830cad96a8 https://git.kernel.org/stable/c/f2f405af70e6f0419e718d23fa304798a5405c41 https://git.kernel.org/stable/c/bb33fa65da77f5f02dbee6f25cebaeedfcd70028 https://git.kernel.org/stable/c/3b8752f086eb6865cc3662ad13249b03024501e5 https://git.kernel.org/stable/c/a625ca30eff806395175ebad3ac1399014bdb280
Powered by blists - more mailing lists