CVE-2022-50475

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> RDMA/core: Make sure "ib_port" is valid when access sysfs node<br /> <br /> The "ib_port" structure must be set before adding the sysfs kobject,<br /> and reset after removing it, otherwise it may crash when accessing<br /> the sysfs node:<br /> Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050<br /> Mem abort info:<br /> ESR = 0x96000006<br /> Exception class = DABT (current EL), IL = 32 bits<br /> SET = 0, FnV = 0<br /> EA = 0, S1PTW = 0<br /> Data abort info:<br /> ISV = 0, ISS = 0x00000006<br /> CM = 0, WnR = 0<br /> user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000e85f5ba5<br /> [0000000000000050] pgd=0000000848fd9003, pud=000000085b387003, pmd=0000000000000000<br /> Internal error: Oops: 96000006 [#2] PREEMPT SMP<br /> Modules linked in: ib_umad(O) mlx5_ib(O) nfnetlink_cttimeout(E) nfnetlink(E) act_gact(E) cls_flower(E) sch_ingress(E) openvswitch(E) nsh(E) nf_nat_ipv6(E) nf_nat_ipv4(E) nf_conncount(E) nf_nat(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) mst_pciconf(O) ipmi_devintf(E) ipmi_msghandler(E) ipmb_dev_int(OE) mlx5_core(O) mlxfw(O) mlxdevm(O) auxiliary(O) ib_uverbs(O) ib_core(O) mlx_compat(O) psample(E) sbsa_gwdt(E) uio_pdrv_genirq(E) uio(E) mlxbf_pmc(OE) mlxbf_gige(OE) mlxbf_tmfifo(OE) gpio_mlxbf2(OE) pwr_mlxbf(OE) mlx_trio(OE) i2c_mlxbf(OE) mlx_bootctl(OE) bluefield_edac(OE) knem(O) ip_tables(E) ipv6(E) crc_ccitt(E) [last unloaded: mst_pci]<br /> Process grep (pid: 3372, stack limit = 0x0000000022055c92)<br /> CPU: 5 PID: 3372 Comm: grep Tainted: G D OE 4.19.161-mlnx.47.gadcd9e3 #1<br /> Hardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS BlueField:3.9.2-15-ga2403ab Sep 8 2022<br /> pstate: 40000005 (nZcv daif -PAN -UAO)<br /> pc : hw_stat_port_show+0x4c/0x80 [ib_core]<br /> lr : port_attr_show+0x40/0x58 [ib_core]<br /> sp : ffff000029f43b50<br /> x29: ffff000029f43b50 x28: 0000000019375000<br /> x27: ffff8007b821a540 x26: ffff000029f43e30<br /> x25: 0000000000008000 x24: ffff000000eaa958<br /> x23: 0000000000001000 x22: ffff8007a4ce3000<br /> x21: ffff8007baff8000 x20: ffff8007b9066ac0<br /> x19: ffff8007bae97578 x18: 0000000000000000<br /> x17: 0000000000000000 x16: 0000000000000000<br /> x15: 0000000000000000 x14: 0000000000000000<br /> x13: 0000000000000000 x12: 0000000000000000<br /> x11: 0000000000000000 x10: 0000000000000000<br /> x9 : 0000000000000000 x8 : ffff8007a4ce4000<br /> x7 : 0000000000000000 x6 : 000000000000003f<br /> x5 : ffff000000e6a280 x4 : ffff8007a4ce3000<br /> x3 : 0000000000000000 x2 : aaaaaaaaaaaaaaab<br /> x1 : ffff8007b9066a10 x0 : ffff8007baff8000<br /> Call trace:<br /> hw_stat_port_show+0x4c/0x80 [ib_core]<br /> port_attr_show+0x40/0x58 [ib_core]<br /> sysfs_kf_seq_show+0x8c/0x150<br /> kernfs_seq_show+0x44/0x50<br /> seq_read+0x1b4/0x45c<br /> kernfs_fop_read+0x148/0x1d8<br /> __vfs_read+0x58/0x180<br /> vfs_read+0x94/0x154<br /> ksys_read+0x68/0xd8<br /> __arm64_sys_read+0x28/0x34<br /> el0_svc_common+0x88/0x18c<br /> el0_svc_handler+0x78/0x94<br /> el0_svc+0x8/0xe8<br /> Code: f2955562 aa1603e4 aa1503e0 f9405683 (f9402861)