CVE-2022-49930
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
01/05/2025
Last modified:
07/05/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
RDMA/hns: Fix NULL pointer problem in free_mr_init()<br />
<br />
Lock grab occurs in a concurrent scenario, resulting in stepping on a NULL<br />
pointer. It should be init mutex_init() first before use the lock.<br />
<br />
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000<br />
Call trace:<br />
__mutex_lock.constprop.0+0xd0/0x5c0<br />
__mutex_lock_slowpath+0x1c/0x2c<br />
mutex_lock+0x44/0x50<br />
free_mr_send_cmd_to_hw+0x7c/0x1c0 [hns_roce_hw_v2]<br />
hns_roce_v2_dereg_mr+0x30/0x40 [hns_roce_hw_v2]<br />
hns_roce_dereg_mr+0x4c/0x130 [hns_roce_hw_v2]<br />
ib_dereg_mr_user+0x54/0x124<br />
uverbs_free_mr+0x24/0x30<br />
destroy_hw_idr_uobject+0x38/0x74<br />
uverbs_destroy_uobject+0x48/0x1c4<br />
uobj_destroy+0x74/0xcc<br />
ib_uverbs_cmd_verbs+0x368/0xbb0<br />
ib_uverbs_ioctl+0xec/0x1a4<br />
__arm64_sys_ioctl+0xb4/0x100<br />
invoke_syscall+0x50/0x120<br />
el0_svc_common.constprop.0+0x58/0x190<br />
do_el0_svc+0x30/0x90<br />
el0_svc+0x2c/0xb4<br />
el0t_64_sync_handler+0x1a4/0x1b0<br />
el0t_64_sync+0x19c/0x1a0
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.18 (including) | 6.0.8 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page