CVE-2022-50356

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 17/09/2025
Last modified: 18/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net: sched: sfb: fix null pointer access issue when sfb_init() fails

When the default qdisc is sfb, if the qdisc of dev_queue fails to be
inited during mqprio_init(), sfb_reset() is invoked to clear resources.
In this case, the q->qdisc is NULL, and it will cause gpf issue.

The process is as follows:
qdisc_create_dflt()
  sfb_init()
    tcf_block_get() --->failed, q->qdisc is NULL
  ...
  qdisc_put()
    ...
    sfb_reset()
      qdisc_reset(q->qdisc) --->q->qdisc is NULL
        ops = qdisc->ops

The following is the Call Trace information:
general protection fault, probably for non-canonical address
0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
RIP: 0010:qdisc_reset+0x2b/0x6f0
Call Trace:

sfb_reset+0x37/0xd0
qdisc_reset+0xed/0x6f0
qdisc_destroy+0x82/0x4c0
qdisc_put+0x9e/0xb0
qdisc_create_dflt+0x2c3/0x4a0
mqprio_init+0xa71/0x1760
qdisc_create+0x3eb/0x1000
tc_modify_qdisc+0x408/0x1720
rtnetlink_rcv_msg+0x38e/0xac0
netlink_rcv_skb+0x12d/0x3a0
netlink_unicast+0x4a2/0x740
netlink_sendmsg+0x826/0xcc0
sock_sendmsg+0xc5/0x100
____sys_sendmsg+0x583/0x690
___sys_sendmsg+0xe8/0x160
__sys_sendmsg+0xbf/0x160
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f2164122d04
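
The failure path described above, modelled in userspace C as an added example (not kernel code and not the upstream patch). All type and function names are hypothetical stand-ins; the NULL check in model_reset_guarded() is one way to make a reset callback tolerate an init that failed before the child qdisc was attached.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel objects; all names are hypothetical. */
struct qdisc;
struct qdisc_ops { void (*reset)(struct qdisc *); };
struct qdisc { const struct qdisc_ops *ops; int resets; };
struct sfb_priv { struct qdisc *child; };   /* child plays the role of q->qdisc */

static void leaf_reset(struct qdisc *q) { q->resets++; }
static const struct qdisc_ops leaf_ops = { leaf_reset };
static struct qdisc leaf = { &leaf_ops, 0 };

/* Models sfb_init(): the child is attached only after the fallible step. */
int model_init(struct sfb_priv *p, int block_get_fails)
{
    p->child = NULL;
    if (block_get_fails)
        return -1;              /* like tcf_block_get() failing: child stays NULL */
    p->child = &leaf;
    return 0;
}

/* Unguarded reset, the pattern in the description: reads child->ops
 * while child is NULL. Shown for comparison and never called here. */
void model_reset_unguarded(struct sfb_priv *p)
{
    p->child->ops->reset(p->child);
}

/* Guarded reset: returns 1 if the child was reset, 0 if none was attached. */
int model_reset_guarded(struct sfb_priv *p)
{
    if (!p->child)
        return 0;
    p->child->ops->reset(p->child);
    return 1;
}

/* Init followed by teardown. Teardown is reached on the error path
 * (the qdisc_put() after a failed init) as well as at normal destruction,
 * so reset must cope with both states. Returns the number of child resets. */
int lifecycle(int block_get_fails)
{
    struct sfb_priv p;
    (void)model_init(&p, block_get_fails);
    return model_reset_guarded(&p);
}

int main(void)
{
    printf("failed init: child resets = %d\n", lifecycle(1));
    printf("good init:   child resets = %d\n", lifecycle(0));
    return 0;
}
```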

Impact