CVE-2022-49931

Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 01/05/2025
Last modified: 01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

IB/hfi1: Correctly move list in sc_disable()

Commit 13bac861952a ("IB/hfi1: Fix abba locking issue with sc_disable()") incorrectly tries to move a list from one list head to another. The result is a kernel crash.

The crash is triggered when a link goes down and there are waiters for a send to complete. The following signature is seen:

    BUG: kernel NULL pointer dereference, address: 0000000000000030
    [...]
    Call Trace:
     sc_disable+0x1ba/0x240 [hfi1]
     pio_freeze+0x3d/0x60 [hfi1]
     handle_freeze+0x27/0x1b0 [hfi1]
     process_one_work+0x1b0/0x380
     ? process_one_work+0x380/0x380
     worker_thread+0x30/0x360
     ? process_one_work+0x380/0x380
     kthread+0xd7/0x100
     ? kthread_complete_and_exit+0x20/0x20
     ret_from_fork+0x1f/0x30

The fix is to use the correct call to move the list.
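Added example, not code from the kernel or from this record: a userspace model of the list-head mix-up the description refers to, showing why the destination list ends up holding a bare list head instead of the waiters. The record does not name the calls involved; this sketch assumes the incorrect call was the single-entry helper list_move() applied to a list head and the correct one list_splice_init(), and the names waiters, wake_list and struct waiter are illustrative.

```c
/* Userspace re-implementation of the kernel's circular doubly linked list
 * helpers. Assumption: list_move() vs list_splice_init() is the mix-up. */
#include <stddef.h>

struct list_head { struct list_head *next, *prev; };
struct waiter { int id; struct list_head list; };  /* stand-in for a send waiter */

static void init_list(struct list_head *h) { h->next = h->prev = h; }

static void list_add(struct list_head *n, struct list_head *head) {
    n->next = head->next; n->prev = head;
    head->next->prev = n; head->next = n;
}

/* Moves ONE entry: unlink `entry` from its ring, insert it after `head`. */
static void list_move(struct list_head *entry, struct list_head *head) {
    entry->prev->next = entry->next;
    entry->next->prev = entry->prev;
    list_add(entry, head);
}

/* Moves ALL entries of `list` onto `head`, then reinitialises `list`. */
static void list_splice_init(struct list_head *list, struct list_head *head) {
    if (list->next == list) return;            /* empty: nothing to do */
    struct list_head *first = list->next, *last = list->prev;
    first->prev = head; last->next = head->next;
    head->next->prev = last; head->next = first;
    init_list(list);
}

/* Build a 2-waiter list, transfer it with the chosen call, and count how many
 * nodes on wake_list are real waiters (-1 if the source head itself shows up). */
static int transfer(int use_splice) {
    struct list_head waiters, wake_list, *p;
    struct waiter a = { 1 }, b = { 2 };
    int n = 0;
    init_list(&waiters); init_list(&wake_list);
    list_add(&a.list, &waiters); list_add(&b.list, &waiters);
    if (use_splice) list_splice_init(&waiters, &wake_list);
    else            list_move(&waiters, &wake_list);   /* head passed as entry */
    for (p = wake_list.next; p != &wake_list; p = p->next) {
        if (p == &waiters) return -1;  /* a bare head, not embedded in a waiter */
        n++;
    }
    return n;
}
```

With the single-entry move, the two real waiters are left in a ring that no list head reaches, and the only node on wake_list is the old head, which is not embedded in any waiter structure.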

Vulnerable products and versions

CPE                                               From                 Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*      5.4.157 (including)  5.4.224 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*      5.10.77 (including)  5.10.154 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*      5.14.16 (including)  5.15.78 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*      5.16 (including)     6.0.8 (excluding)
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*