CVE-2022-48751

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
20/06/2024
Last modified:
06/01/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net/smc: Transitional solution for clcsock race issue

We encountered a crash in smc_setsockopt() and it is caused by
accessing smc->clcsock after clcsock was released.

BUG: kernel NULL pointer dereference, address: 0000000000000020
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 1 PID: 50309 Comm: nginx Kdump: loaded Tainted: G E 5.16.0-rc4+ #53
RIP: 0010:smc_setsockopt+0x59/0x280 [smc]
Call Trace:

__sys_setsockopt+0xfc/0x190
__x64_sys_setsockopt+0x20/0x30
do_syscall_64+0x34/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f16ba83918e

This patch tries to fix it by holding clcsock_release_lock and
checking whether clcsock has already been released before access.

In case that a crash of the same reason happens in smc_getsockopt()
or smc_switch_to_fallback(), this patch also checks smc->clcsock
in them too. And the caller of smc_switch_to_fallback() will identify
whether fallback succeeds according to the return value.
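The fix pattern the commit message describes, as an added userspace illustration written for this page and not the kernel's own code: an inner socket pointer that a racing close path sets to NULL, a setsockopt path that dereferences it without any check (the shape that produced the NULL dereference at address 0x20 above), and the repaired shape that takes the same lock the release path takes, checks the pointer, and only then uses it. The struct and function names (smc_sock_model, clc_sock, smc_release_clcsock, the scenario helpers), the spinlock standing in for clcsock_release_lock, and the choice of -EBADF as the "socket already gone" error are all assumptions made for the example, not the net/smc identifiers or values.

```c
/*
 * Added illustration, not the kernel's code: a userspace model of the
 * "hold clcsock_release_lock, then check smc->clcsock before touching it"
 * pattern. All names below are example assumptions, not net/smc symbols.
 */
#include <errno.h>
#include <stdatomic.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the inner (TCP) socket that smc->clcsock points to. */
struct clc_sock {
    int opt_value;
};

/* Stand-in for struct smc_sock; a spinlock models clcsock_release_lock. */
struct smc_sock_model {
    struct clc_sock *clcsock;   /* becomes NULL once the clcsock is released */
    atomic_flag release_lock;
};

static void release_lock_acquire(struct smc_sock_model *s)
{
    while (atomic_flag_test_and_set_explicit(&s->release_lock, memory_order_acquire))
        ;   /* spin until the holder clears the flag */
}

static void release_lock_release(struct smc_sock_model *s)
{
    atomic_flag_clear_explicit(&s->release_lock, memory_order_release);
}

void smc_sock_init(struct smc_sock_model *s)
{
    memset(s, 0, sizeof *s);
    atomic_flag_clear(&s->release_lock);
    s->clcsock = calloc(1, sizeof *s->clcsock);
}

/* What the racing close path does: drop the inner socket under the lock. */
void smc_release_clcsock(struct smc_sock_model *s)
{
    release_lock_acquire(s);
    free(s->clcsock);
    s->clcsock = NULL;
    release_lock_release(s);
}

/* Vulnerable shape: no lock, no check. Once clcsock has been released this
 * dereferences NULL plus a small field offset, which is the oops quoted
 * above. Kept only for contrast; the scenarios below never call it. */
int smc_setsockopt_unsafe(struct smc_sock_model *s, int val)
{
    s->clcsock->opt_value = val;
    return 0;
}

/* Fixed shape: lock, check, use, unlock. Because the release path takes the
 * same lock, clcsock cannot disappear between the check and the use. */
int smc_setsockopt_safe(struct smc_sock_model *s, int val)
{
    int rc = 0;

    release_lock_acquire(s);
    if (!s->clcsock)
        rc = -EBADF;                    /* example's choice: "socket already gone" */
    else
        s->clcsock->opt_value = val;
    release_lock_release(s);
    return rc;
}

/* Same pattern for the fallback switch; its caller must inspect the result
 * instead of assuming the switch succeeded. */
int smc_switch_to_fallback_safe(struct smc_sock_model *s, int reason)
{
    int rc = 0;

    release_lock_acquire(s);
    if (!s->clcsock)
        rc = -EBADF;
    else
        s->clcsock->opt_value = reason;  /* stand-in for fallback bookkeeping */
    release_lock_release(s);
    return rc;
}

/* Scenario: setsockopt on a live socket succeeds and the value lands. Returns 1. */
int scenario_live_socket(void)
{
    struct smc_sock_model s;
    int rc, stored;

    smc_sock_init(&s);
    rc = smc_setsockopt_safe(&s, 7);
    stored = s.clcsock->opt_value;
    smc_release_clcsock(&s);
    return rc == 0 && stored == 7;
}

/* Scenario: close() released clcsock first. Both checked paths report -EBADF
 * instead of crashing; returns that value. */
int scenario_released_socket(void)
{
    struct smc_sock_model s;

    smc_sock_init(&s);
    smc_release_clcsock(&s);
    if (smc_switch_to_fallback_safe(&s, 1) != -EBADF)
        return -1;                      /* caller acts on the return value */
    return smc_setsockopt_safe(&s, 7);
}
```

The point the commit makes is that the check alone is not enough: it has to sit under the lock the release path also holds, otherwise clcsock can still be freed between the NULL test and the dereference. The fallback helper returning an error, and its caller checking that error, is the second half of the same change.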

Vulnerable products and versions

CPE                                                From                   Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       4.19.299 (including)   4.20 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       5.1 (including)        5.15.19 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       5.16 (including)       5.16.5 (excluding)
cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*