CVE-2022-49931

IB/hfi1: Correctly move list in sc_disable()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Correctly move list in sc_disable() Commit 13bac861952a ("IB/hfi1: Fix abba locking issue with sc_disable()")
incorrectly tries to move a list from one list head to another. The
result is a kernel crash. The crash is triggered when a link goes down and there are waiters for a
send to complete. The following signature is seen: BUG: kernel NULL pointer dereference, address: 0000000000000030 [...] Call Trace: sc_disable+0x1ba/0x240 [hfi1] pio_freeze+0x3d/0x60 [hfi1] handle_freeze+0x27/0x1b0 [hfi1] process_one_work+0x1b0/0x380 ? process_one_work+0x380/0x380 worker_thread+0x30/0x360 ? process_one_work+0x380/0x380 kthread+0xd7/0x100 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x1f/0x30 The fix is to use the correct call to move the list.

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Correctly move list in sc_disable() Commit 13bac861952a ("IB/hfi1: Fix abba locking issue with sc_disable()") incorrectly tries to move a list from one list head to another. The result is a kernel crash. The crash is triggered when a link goes down and there are waiters for a send to complete. The following signature is seen: BUG: kernel NULL pointer dereference, address: 0000000000000030 [...] Call Trace: sc_disable+0x1ba/0x240 [hfi1] pio_freeze+0x3d/0x60 [hfi1] handle_freeze+0x27/0x1b0 [hfi1] process_one_work+0x1b0/0x380 ? process_one_work+0x380/0x380 worker_thread+0x30/0x360 ? process_one_work+0x380/0x380 kthread+0xd7/0x100 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x1f/0x30 The fix is to use the correct call to move the list.

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bug fixes.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-05-01 CVE Reserved
2025-05-01 CVE Published
2025-05-04 CVE Updated
2025-06-02 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/d997d4e4365f7e59cf6b59c70f966c56d704b64f	Vuln. Introduced
https://git.kernel.org/stable/c/d98883f6c33e0d960afedcecaa92fc2b61fec383	Vuln. Introduced
https://git.kernel.org/stable/c/13bac861952a78664907a0f927d3e874e9a59034	Vuln. Introduced
https://git.kernel.org/stable/c/5d33bd6b4d4d035e42733592899918a18f2540da	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/25760a41e3802f54aadcc31385543665ab349b8e	2022-11-10
https://git.kernel.org/stable/c/7c4260f8f188df32414a5ecad63e8b934c2aa3f0	2022-11-10
https://git.kernel.org/stable/c/ba95409d6b580501ff6d78efd00064f7df669926	2022-11-10
https://git.kernel.org/stable/c/b8bcff99b07cc175a6ee12a52db51cdd2229586c	2022-11-10
https://git.kernel.org/stable/c/1afac08b39d85437187bb2a92d89a741b1078f55	2022-10-19

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.157 < 5.4.224 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.157 < 5.4.224"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.77 < 5.10.154 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.77 < 5.10.154"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 5.15.78 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.15.78"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.0.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.0.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.1"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.14.16 Search vendor "Linux" for product "Linux Kernel" and version "5.14.16"		en		Affected