-

CVE-2022-50885

In the Linux kernel, the following vulnerability has been resolved:

RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed

There is a null-ptr-deref when mount.cifs over rdma:

  BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup+0x2f3/0x360 [rdma_rxe]
  Read of size 8 at addr 0000000000000018 by task mount.cifs/3046

  CPU: 2 PID: 3046 Comm: mount.cifs Not tainted 6.1.0-rc5+ #62
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc3
  Call Trace:
   <TASK>
   dump_stack_lvl+0x34/0x44
   kasan_report+0xad/0x130
   rxe_qp_do_cleanup+0x2f3/0x360 [rdma_rxe]
   execute_in_process_context+0x25/0x90
   __rxe_cleanup+0x101/0x1d0 [rdma_rxe]
   rxe_create_qp+0x16a/0x180 [rdma_rxe]
   create_qp.part.0+0x27d/0x340
   ib_create_qp_kernel+0x73/0x160
   rdma_create_qp+0x100/0x230
   _smbd_get_connection+0x752/0x20f0
   smbd_get_connection+0x21/0x40
   cifs_get_tcp_session+0x8ef/0xda0
   mount_get_conns+0x60/0x750
   cifs_mount+0x103/0xd00
   cifs_smb3_do_mount+0x1dd/0xcb0
   smb3_get_tree+0x1d5/0x300
   vfs_get_tree+0x41/0xf0
   path_mount+0x9b3/0xdd0
   __x64_sys_mount+0x190/0x1d0
   do_syscall_64+0x35/0x80
   entry_SYSCALL_64_after_hwframe+0x46/0xb0

The root cause of the issue is the socket create failed in
rxe_qp_init_req().

So move the reset rxe_qp_do_cleanup() after the NULL ptr check.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < ee24de095569935eba600f7735e8e8ddea5b418e
Version 8700e3e7c4857d28ebaa824509934556da0b3e76
Status affected
Version < 7340ca9f782be6fbe3f64a134dc112772764f766
Version 8700e3e7c4857d28ebaa824509934556da0b3e76
Status affected
Version < bd7106a6004f1077a365ca7f5a99c7a708e20714
Version 8700e3e7c4857d28ebaa824509934556da0b3e76
Status affected
Version < 6bb5a62bfd624039b05157745c234068508393a9
Version 8700e3e7c4857d28ebaa824509934556da0b3e76
Status affected
Version < f64f08b9e6fb305a25dd75329e06ae342b9ce336
Version 8700e3e7c4857d28ebaa824509934556da0b3e76
Status affected
Version < 5b924632d84a60bc0c7fe6e9bbbce99d03908957
Version 8700e3e7c4857d28ebaa824509934556da0b3e76
Status affected
Version < 821f9a18210f6b9fd6792471714c799607b25db4
Version 8700e3e7c4857d28ebaa824509934556da0b3e76
Status affected
Version < f67376d801499f4fa0838c18c1efcad8840e550d
Version 8700e3e7c4857d28ebaa824509934556da0b3e76
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 4.8
Status affected
Version < 4.8
Version 0
Status unaffected
Version <= 4.14.*
Version 4.14.303
Status unaffected
Version <= 4.19.*
Version 4.19.270
Status unaffected
Version <= 5.4.*
Version 5.4.229
Status unaffected
Version <= 5.10.*
Version 5.10.163
Status unaffected
Version <= 5.15.*
Version 5.15.86
Status unaffected
Version <= 6.0.*
Version 6.0.16
Status unaffected
Version <= 6.1.*
Version 6.1.2
Status unaffected
Version <= *
Version 6.2
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.099
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.