CVE-2022-49930

Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 01/05/2025
Last modified: 07/05/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

RDMA/hns: Fix NULL pointer problem in free_mr_init()

A lock grab occurs in a concurrent scenario, resulting in stepping on a NULL pointer. mutex_init() should be called first, before the lock is used.

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Call trace:
 __mutex_lock.constprop.0+0xd0/0x5c0
 __mutex_lock_slowpath+0x1c/0x2c
 mutex_lock+0x44/0x50
 free_mr_send_cmd_to_hw+0x7c/0x1c0 [hns_roce_hw_v2]
 hns_roce_v2_dereg_mr+0x30/0x40 [hns_roce_hw_v2]
 hns_roce_dereg_mr+0x4c/0x130 [hns_roce_hw_v2]
 ib_dereg_mr_user+0x54/0x124
 uverbs_free_mr+0x24/0x30
 destroy_hw_idr_uobject+0x38/0x74
 uverbs_destroy_uobject+0x48/0x1c4
 uobj_destroy+0x74/0xcc
 ib_uverbs_cmd_verbs+0x368/0xbb0
 ib_uverbs_ioctl+0xec/0x1a4
 __arm64_sys_ioctl+0xb4/0x100
 invoke_syscall+0x50/0x120
 el0_svc_common.constprop.0+0x58/0x190
 do_el0_svc+0x30/0x90
 el0_svc+0x2c/0xb4
 el0t_64_sync_handler+0x1a4/0x1b0
 el0t_64_sync+0x19c/0x1a0

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.18 (including) | 6.0.8 (excluding)
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:* | |
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:* | |
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:* | |