CVE-2022-49820
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 01/05/2025
Last modified: 02/05/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

mctp i2c: don't count unused / invalid keys for flow release

We're currently hitting the WARN_ON in mctp_i2c_flow_release:

    if (midev->release_count > midev->i2c_lock_count) {
        WARN_ONCE(1, "release count overflow");

This may be hit if we expire a flow before sending the first packet it
contains - as we will not be pairing the increment of release_count
(performed on flow release) with the i2c lock operation (only
performed on actual TX).

To fix this, only release a flow if we've encountered it previously (ie,
dev_flow_state does not indicate NEW), as we will mark the flow as
ACTIVE at the same time as accounting for the i2c lock operation. We
also need to add an INVALID flow state, to indicate when we've done the
release.
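
The counter mismatch described above, as a simplified user-space C model added here for illustration; it is not the kernel driver's code or the upstream patch. The `model_` names and the `fixed` switch are assumptions, while `release_count`, `i2c_lock_count`, `dev_flow_state` and the NEW/ACTIVE/INVALID states are taken from the description.

```c
#include <stdbool.h>
#include <stdio.h>
/* State names follow the description; this enum is part of the model. */
enum flow_state { FLOW_NEW, FLOW_ACTIVE, FLOW_INVALID };
struct model_dev {           /* hypothetical stand-in for the device state */
    int i2c_lock_count;      /* incremented only on actual TX */
    int release_count;       /* incremented on flow release */
    bool warned;             /* models the "release count overflow" warning */
};
struct model_flow { enum flow_state dev_flow_state; };

/* First TX of a flow: account for the i2c lock and mark the flow ACTIVE. */
static void model_tx(struct model_dev *d, struct model_flow *f)
{
    if (f->dev_flow_state == FLOW_NEW) {
        d->i2c_lock_count++;
        f->dev_flow_state = FLOW_ACTIVE;
    }
}

/* Flow release. fixed=false counts every release; fixed=true counts only
 * flows that reached ACTIVE, then marks the flow INVALID. */
static void model_release(struct model_dev *d, struct model_flow *f, bool fixed)
{
    if (!fixed || f->dev_flow_state == FLOW_ACTIVE)
        d->release_count++;
    if (fixed)
        f->dev_flow_state = FLOW_INVALID;
    if (d->release_count > d->i2c_lock_count)
        d->warned = true;
}

/* Constructed scenario: one flow is sent, another expires before first TX. */
static bool expire_before_tx_warns(bool fixed)
{
    struct model_dev d = {0};
    struct model_flow sent = { FLOW_NEW }, unsent = { FLOW_NEW };
    model_tx(&d, &sent);               /* lock accounted, flow ACTIVE */
    model_release(&d, &sent, fixed);   /* paired release, counts balance */
    model_release(&d, &unsent, fixed); /* never transmitted */
    return d.warned;
}

int main(void)
{
    printf("before fix: warn=%d\n", expire_before_tx_warns(false));
    printf("after fix:  warn=%d\n", expire_before_tx_warns(true));
    return 0;
}
```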