CVE-2022-49820

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mctp i2c: don&amp;#39;t count unused / invalid keys for flow release<br /> <br /> We&amp;#39;re currently hitting the WARN_ON in mctp_i2c_flow_release:<br /> <br /> if (midev-&gt;release_count &gt; midev-&gt;i2c_lock_count) {<br /> WARN_ONCE(1, "release count overflow");<br /> <br /> This may be hit if we expire a flow before sending the first packet it<br /> contains - as we will not be pairing the increment of release_count<br /> (performed on flow release) with the i2c lock operation (only<br /> performed on actual TX).<br /> <br /> To fix this, only release a flow if we&amp;#39;ve encountered it previously (ie,<br /> dev_flow_state does not indicate NEW), as we will mark the flow as<br /> ACTIVE at the same time as accounting for the i2c lock operation. We<br /> also need to add an INVALID flow state, to indicate when we&amp;#39;ve done the<br /> release.