CVE-2022-48858

Severity CVSS v4.0: Pending analysis
Type: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date: 16/07/2024
Last modified: 23/07/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix a race on command flush flow

Fix a refcount use after free warning due to a race on command entry. Such race occurs when one of the commands releases its last refcount and frees its index and entry while another process running command flush flow takes refcount to this command entry. The process which handles commands flush may see this command as needed to be flushed if the other process released its refcount but didn't release the index yet. Fix it by adding the needed spin lock.

It fixes the following warning trace:

    refcount_t: addition on 0; use-after-free.
    WARNING: CPU: 11 PID: 540311 at lib/refcount.c:25 refcount_warn_saturate+0x80/0xe0
    ...
    RIP: 0010:refcount_warn_saturate+0x80/0xe0
    ...
    Call Trace:
    mlx5_cmd_trigger_completions+0x293/0x340 [mlx5_core]
    mlx5_cmd_flush+0x3a/0xf0 [mlx5_core]
    enter_error_state+0x44/0x80 [mlx5_core]
    mlx5_fw_fatal_reporter_err_work+0x37/0xe0 [mlx5_core]
    process_one_work+0x1be/0x390
    worker_thread+0x4d/0x3d0
    ? rescuer_thread+0x350/0x350
    kthread+0x141/0x160
    ? set_kthread_struct+0x40/0x40
    ret_from_fork+0x1f/0x30
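The window described above can be replayed deterministically in user space. This is an added example, not code from the mlx5 driver or the kernel patch; the `slot` structure, `slot_lock`, `flush_get` and `replay` are hypothetical names, and a C11 `atomic_flag` stands in for the kernel spin lock.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* User-space model; every name here is hypothetical, not mlx5 driver code. */
struct slot { int refcnt; bool idx_in_use; };    /* entry refcount + index bit */
static atomic_flag slot_lock = ATOMIC_FLAG_INIT; /* stand-in for the spin lock */
static bool try_lock(void) { return !atomic_flag_test_and_set(&slot_lock); }
static void unlock(void)   { atomic_flag_clear(&slot_lock); }

/* Flush path: take a reference on an entry whose index looks in use.
 * Returns 1 if a reference was taken, 0 if the slot was skipped, and -1 for
 * "addition on 0", the condition the refcount warning in the trace reports. */
static int flush_get(struct slot *s)
{
    if (!s->idx_in_use)
        return 0;
    if (s->refcnt == 0)
        return -1;
    s->refcnt++;
    return 1;
}

/* Replays the interleaving from the description in one thread: the flusher is
 * scheduled after the releaser dropped its last reference but before it freed
 * the index. With use_lock set both paths take slot_lock, so the flusher is
 * kept out of that window and runs only once the release has finished. */
int replay(bool use_lock)
{
    struct slot s = { .refcnt = 1, .idx_in_use = true };
    int result = 0;
    bool deferred = false;
    if (use_lock)
        (void)try_lock();            /* releaser enters its critical section */
    s.refcnt--;                      /* last reference dropped */
    if (use_lock && !try_lock())
        deferred = true;             /* flusher would spin on the lock here */
    else
        result = flush_get(&s);      /* unfixed: flusher runs inside the window */
    s.idx_in_use = false;            /* index and entry freed */
    if (use_lock)
        unlock();
    if (deferred && try_lock()) {    /* lock is free now, flusher proceeds */
        result = flush_get(&s);
        unlock();
    }
    return result;
}

int main(void) { printf("no lock: %d, with lock: %d\n", replay(false), replay(true)); return 0; }
```

Without the lock the flusher sees the index still set and a refcount of zero; with it, the flusher only ever observes the slot before the release starts or after the index is cleared.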

Vulnerable products and versions

CPE                                            From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*                     5.4.185 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.5 (including)   5.10.106 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.11 (including)  5.15.29 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.16 (including)  5.16.15 (excluding)