CVE-2022-49321

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> xprtrdma: treat all calls not a bcall when bc_serv is NULL<br /> <br /> When a rdma server returns a fault format reply, nfs v3 client may<br /> treats it as a bcall when bc service is not exist.<br /> <br /> The debug message at rpcrdma_bc_receive_call are,<br /> <br /> [56579.837169] RPC: rpcrdma_bc_receive_call: callback XID<br /> 00000001, length=20<br /> [56579.837174] RPC: rpcrdma_bc_receive_call: 00 00 00 01 00 00 00<br /> 00 00 00 00 00 00 00 00 00 00 00 00 04<br /> <br /> After that, rpcrdma_bc_receive_call will meets NULL pointer as,<br /> <br /> [ 226.057890] BUG: unable to handle kernel NULL pointer dereference at<br /> 00000000000000c8<br /> ...<br /> [ 226.058704] RIP: 0010:_raw_spin_lock+0xc/0x20<br /> ...<br /> [ 226.059732] Call Trace:<br /> [ 226.059878] rpcrdma_bc_receive_call+0x138/0x327 [rpcrdma]<br /> [ 226.060011] __ib_process_cq+0x89/0x170 [ib_core]<br /> [ 226.060092] ib_cq_poll_work+0x26/0x80 [ib_core]<br /> [ 226.060257] process_one_work+0x1a7/0x360<br /> [ 226.060367] ? create_worker+0x1a0/0x1a0<br /> [ 226.060440] worker_thread+0x30/0x390<br /> [ 226.060500] ? create_worker+0x1a0/0x1a0<br /> [ 226.060574] kthread+0x116/0x130<br /> [ 226.060661] ? kthread_flush_work_fn+0x10/0x10<br /> [ 226.060724] ret_from_fork+0x35/0x40<br /> ...