Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2022-48692

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
03/05/2024
Last modified:
23/05/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> RDMA/srp: Set scmnd-&gt;result only when scmnd is not NULL<br /> <br /> This change fixes the following kernel NULL pointer dereference<br /> which is reproduced by blktests srp/007 occasionally.<br /> <br /> BUG: kernel NULL pointer dereference, address: 0000000000000170<br /> PGD 0 P4D 0<br /> Oops: 0002 [#1] PREEMPT SMP NOPTI<br /> CPU: 0 PID: 9 Comm: kworker/0:1H Kdump: loaded Not tainted 6.0.0-rc1+ #37<br /> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.15.0-29-g6a62e0cb0dfe-prebuilt.qemu.org 04/01/2014<br /> Workqueue: 0x0 (kblockd)<br /> RIP: 0010:srp_recv_done+0x176/0x500 [ib_srp]<br /> Code: 00 4d 85 ff 0f 84 52 02 00 00 48 c7 82 80 02 00 00 00 00 00 00 4c 89 df 4c 89 14 24 e8 53 d3 4a f6 4c 8b 14 24 41 0f b6 42 13 89 87 70 01 00 00 41 0f b6 52 12 f6 c2 02 74 44 41 8b 42 1c b9<br /> RSP: 0018:ffffaef7c0003e28 EFLAGS: 00000282<br /> RAX: 0000000000000000 RBX: ffff9bc9486dea60 RCX: 0000000000000000<br /> RDX: 0000000000000102 RSI: ffffffffb76bbd0e RDI: 00000000ffffffff<br /> RBP: ffff9bc980099a00 R08: 0000000000000001 R09: 0000000000000001<br /> R10: ffff9bca53ef0000 R11: ffff9bc980099a10 R12: ffff9bc956e14000<br /> R13: ffff9bc9836b9cb0 R14: ffff9bc9557b4480 R15: 0000000000000000<br /> FS: 0000000000000000(0000) GS:ffff9bc97ec00000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 0000000000000170 CR3: 0000000007e04000 CR4: 00000000000006f0<br /> Call Trace:<br /> <br /> __ib_process_cq+0xb7/0x280 [ib_core]<br /> ib_poll_handler+0x2b/0x130 [ib_core]<br /> irq_poll_softirq+0x93/0x150<br /> __do_softirq+0xee/0x4b8<br /> irq_exit_rcu+0xf7/0x130<br /> sysvec_apic_timer_interrupt+0x8e/0xc0<br />

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.14 (including) 5.15.68 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 5.19.9 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools