
CVE-2022-50885

RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed

In the Linux kernel, the following vulnerability has been resolved:

RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed

There is a null-ptr-deref when running mount.cifs over rdma:

  BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup+0x2f3/0x360 [rdma_rxe]
  Read of size 8 at addr 0000000000000018 by task mount.cifs/3046

  CPU: 2 PID: 3046 Comm: mount.cifs Not tainted 6.1.0-rc5+ #62
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc3
  Call Trace:
   <TASK>
   dump_stack_lvl+0x34/0x44
   kasan_report+0xad/0x130
   rxe_qp_do_cleanup+0x2f3/0x360 [rdma_rxe]
   execute_in_process_context+0x25/0x90
   __rxe_cleanup+0x101/0x1d0 [rdma_rxe]
   rxe_create_qp+0x16a/0x180 [rdma_rxe]
   create_qp.part.0+0x27d/0x340
   ib_create_qp_kernel+0x73/0x160
   rdma_create_qp+0x100/0x230
   _smbd_get_connection+0x752/0x20f0
   smbd_get_connection+0x21/0x40
   cifs_get_tcp_session+0x8ef/0xda0
   mount_get_conns+0x60/0x750
   cifs_mount+0x103/0xd00
   cifs_smb3_do_mount+0x1dd/0xcb0
   smb3_get_tree+0x1d5/0x300
   vfs_get_tree+0x41/0xf0
   path_mount+0x9b3/0xdd0
   __x64_sys_mount+0x190/0x1d0
   do_syscall_64+0x35/0x80
   entry_SYSCALL_64_after_hwframe+0x46/0xb0

The root cause of the issue is that the socket creation failed in
rxe_qp_init_req().

So move the reset rxe_qp_do_cleanup() after the NULL ptr check.
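A constructed C model of the cleanup ordering described above, added here and not taken from the rdma_rxe source: qp_init() stands in for rxe_qp_init_req() with socket creation failing, and the two cleanup variants show the per-QP-type reset placed before and after the qp->sk NULL check. Struct and function names mirror the kernel's for readability but are assumptions of this model, as is the boolean return used to stand in for the fault.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Constructed model of the CVE-2022-50885 ordering bug; not rdma_rxe code. */
enum qp_type { QPT_RC, QPT_UD };
struct sock   { int dst_cached; };
struct socket { struct sock *sk; };        /* socket wrapper: socket->sk */
struct qp {
    enum qp_type type;
    struct socket *sk;  /* stays NULL when socket creation in the init path failed */
};

static void sk_dst_reset(struct sock *sk) { sk->dst_cached = 0; }
static void sock_release(struct socket *s) { free(s->sk); free(s); }

/* Init path modelled on rxe_qp_init_req(): optionally fail socket creation,
 * leaving qp->sk NULL. The caller runs cleanup on the partial QP either way. */
static struct qp *qp_init(enum qp_type type, bool sock_create_fails)
{
    struct qp *qp = calloc(1, sizeof *qp);
    qp->type = type;
    if (!sock_create_fails) {
        qp->sk = calloc(1, sizeof *qp->sk);
        qp->sk->sk = calloc(1, sizeof *qp->sk->sk);
    }
    return qp;
}

/* Before the fix: the RC-only reset ran before the NULL check. Returning false
 * stands in for the kernel's null-ptr-deref at qp->sk->sk (the trace's
 * "Read of size 8" through a NULL socket pointer). */
static bool qp_do_cleanup_unfixed(struct qp *qp)
{
    if (qp->type == QPT_RC) {
        if (!qp->sk) { free(qp); return false; }   /* would fault here */
        sk_dst_reset(qp->sk->sk);
    }
    if (qp->sk)
        sock_release(qp->sk);
    free(qp);
    return true;
}

/* After the fix: the reset is moved inside the qp->sk NULL check, so a QP
 * whose socket was never created is released without touching qp->sk->sk. */
static bool qp_do_cleanup_fixed(struct qp *qp)
{
    if (qp->sk) {
        if (qp->type == QPT_RC)
            sk_dst_reset(qp->sk->sk);
        sock_release(qp->sk);
    }
    free(qp);
    return true;
}
```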
Data provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected
Affected git ranges (introducing commit .. before fixing commit):
  8700e3e7c4857d28ebaa824509934556da0b3e76 .. < ee24de095569935eba600f7735e8e8ddea5b418e   affected
  8700e3e7c4857d28ebaa824509934556da0b3e76 .. < 7340ca9f782be6fbe3f64a134dc112772764f766   affected
  8700e3e7c4857d28ebaa824509934556da0b3e76 .. < bd7106a6004f1077a365ca7f5a99c7a708e20714   affected
  8700e3e7c4857d28ebaa824509934556da0b3e76 .. < 6bb5a62bfd624039b05157745c234068508393a9   affected
  8700e3e7c4857d28ebaa824509934556da0b3e76 .. < f64f08b9e6fb305a25dd75329e06ae342b9ce336   affected
  8700e3e7c4857d28ebaa824509934556da0b3e76 .. < 5b924632d84a60bc0c7fe6e9bbbce99d03908957   affected
  8700e3e7c4857d28ebaa824509934556da0b3e76 .. < 821f9a18210f6b9fd6792471714c799607b25db4   affected
  8700e3e7c4857d28ebaa824509934556da0b3e76 .. < f67376d801499f4fa0838c18c1efcad8840e550d   affected

Vendor: Linux
Product: Linux
Default status: affected
Version ranges:
  4.8                      affected
  0 .. < 4.8               unaffected
  4.14.303 .. <= 4.14.*    unaffected
  4.19.270 .. <= 4.19.*    unaffected
  5.4.229 .. <= 5.4.*      unaffected
  5.10.163 .. <= 5.10.*    unaffected
  5.15.86 .. <= 5.15.*     unaffected
  6.0.16 .. <= 6.0.*       unaffected
  6.1.2 .. <= 6.1.*        unaffected
  6.2 .. <= *              unaffected
No advisory was found for this CVE.
EPSS metrics
  Type   Source      Score   Percentile
  EPSS   FIRST.org   0.05%   0.144
CVSS metrics
  Source   Base Score   Exploit Score   Impact Score   Vector String
No CWE information has been published yet.