CVE-2022-49925

MEDIUM EPSS 6.1%
Published May 1, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 1, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix null-ptr-deref in ib_core_cleanup() KASAN reported a null-ptr-deref error: KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] CPU: 1 PID: 379 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:destroy_workqueue+0x2f/0x740 RSP: 0018:ffff888016137df8 EFLAGS: 00000202 ... Call Trace: ib_core_cleanup+0xa/0xa1 [ib_core] __do_sys_delete_module.constprop.0+0x34f/0x5b0 do_syscall_64+0x3a/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fa1a0d221b7 ... It is because the fail of roce_gid_mgmt_init() is ignored: ib_core_init() roce_gid_mgmt_init() gid_cache_wq = alloc_ordered_workqueue # fail ... ib_core_cleanup() roce_gid_mgmt_cleanup() destroy_workqueue(gid_cache_wq) # destroy an unallocated wq Fix this by catching the fail of roce_gid_mgmt_init() in ib_core_init().

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
6.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥4.3  –  <5.4.224
linuxlinux_kernel*≥5.5  –  <5.10.154
linuxlinux_kernel*≥5.11  –  <5.15.78
linuxlinux_kernel*≥5.16  –  <6.0.8
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/07c0d131cc0fe1f3981a42958fc52d573d303d89
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6b3d5dcb12347f3518308c2c9d2cf72453a3e1e5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ab817f75e5e0fa58d9be0825da6a7b7d8a1fa1d9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/af8fb5a0600e9ae29950e9422a032c3c22649ee5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d360e875c011a005628525bf290322058927e7dc
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/07c0d131cc0fe1f3981a42958fc52d573d303d89
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6b3d5dcb12347f3518308c2c9d2cf72453a3e1e5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ab817f75e5e0fa58d9be0825da6a7b7d8a1fa1d9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/af8fb5a0600e9ae29950e9422a032c3c22649ee5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d360e875c011a005628525bf290322058927e7dc
    Patch