From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 43C1111CAF for ; Tue, 9 Dec 2025 01:31:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765243891; cv=none; b=FKFuSaiHB9TRgKL2cPm91lruleDzt+pq+Fw1/jy+DJTipdjtidgLliuRuFU3aNUKSdbPQSRQbRiLx56lMqisAYvyoH4Xqq3BWiZmVttaZmuHJ/yhnWNkblSkVjK/Qr+TT/PBosxOijHq2iZfD9r0UCR7JkDm27uXsTZzYyhLCRM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765243891; c=relaxed/simple; bh=49LgcVZ1oA4aNhUB6z8TS+5BT92hv8/K/RTUi/RENSU=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=k7/9Iv87aJlxkARn/fSwD9I45j8hJLtASG+1dC7EMJTkCCXGls9qvv25YtdOpKHfULHrW6Jbos+Hg484mAPcmPG2wr2z3De8UimZ6/b3+Yx/TKquWVurl8f7LKfhgNEdV8TgNNZhEHwuQTk7/tx9UThtrFKJRRfz2msFwYT8cn0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=Ca4zM5dt; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="Ca4zM5dt" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 104C2C4CEF1; Tue, 9 Dec 2025 01:31:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1765243890; bh=49LgcVZ1oA4aNhUB6z8TS+5BT92hv8/K/RTUi/RENSU=; h=From:To:Cc:Subject:Date:Reply-To:From; b=Ca4zM5dtc7d3AVSW8lCACuA7ouEqjDLs1qAEwNEsl13ir1TKKuAfWyQNdiTEHtuHv UGI6zvXF75tFjlqyIZ/+ZNn9DcE9IxdT/MDU4LJAArPhvj3gZikbfOYiTSdT3EsAhA xWqJrxC2Lt/KbE/Kf1YO5lwIjZusL1Xw8O323xW4= From: Greg Kroah-Hartman To: linux-cve-announce@vger.kernel.org Cc: Greg Kroah-Hartman Subject: CVE-2022-50671: RDMA/rxe: Fix "kernel NULL pointer dereference" error Date: Tue, 9 Dec 2025 10:30:56 +0900 Message-ID: <2025120946-CVE-2022-50671-e025@gregkh> X-Mailer: git-send-email 2.52.0 Reply-To: , Precedence: bulk X-Mailing-List: linux-cve-announce@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3709; i=gregkh@linuxfoundation.org; h=from:subject:message-id; bh=rls3TG1T4Ld7AV/4OCmyDWISwQ0gJ1tAeVzFAVMFdyI=; b=owGbwMvMwCRo6H6F97bub03G02pJDJnm1ccE1Zq9fa6c7fj/q/3eopereN3uXH7345ipI8t32 1sTLp673hHLwiDIxCArpsjyZRvP0f0VhxS9DG1Pw8xhZQIZwsDFKQAT2ajMsKDVV3XhraWNBmnd s/9cyV+5kY8hzolhwcJj0o4//ut9nPpTzN3ujrWd7fHJjwE= X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Content-Transfer-Encoding: 8bit From: Greg Kroah-Hartman Description =========== In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix "kernel NULL pointer dereference" error When rxe_queue_init in the function rxe_qp_init_req fails, both qp->req.task.func and qp->req.task.arg are not initialized. Because of creation of qp fails, the function rxe_create_qp will call rxe_qp_do_cleanup to handle allocated resource. Before calling __rxe_do_task, both qp->req.task.func and qp->req.task.arg should be checked. The Linux kernel CVE team has assigned CVE-2022-50671 to this issue. Affected and fixed versions =========================== Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 4.9.331 with commit 48cd7098e71735ccafa0b3cf27c53924f9cb5b2f Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 4.14.296 with commit eca119693010032d6cc6e7e9b4fb2c363c7e12ce Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 4.19.262 with commit 9c5dd6993c794703e74c6ba17ac78ca0211ef940 Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 5.4.220 with commit 0d773c58d702f0a7c16ee8d69617fd2c28350795 Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 5.10.150 with commit cdce36a88def550773142a34ef727a830cad96a8 Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 5.15.75 with commit f2f405af70e6f0419e718d23fa304798a5405c41 Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 5.19.17 with commit bb33fa65da77f5f02dbee6f25cebaeedfcd70028 Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 6.0.3 with commit 3b8752f086eb6865cc3662ad13249b03024501e5 Issue introduced in 4.8 with commit 8700e3e7c4857d28ebaa824509934556da0b3e76 and fixed in 6.1 with commit a625ca30eff806395175ebad3ac1399014bdb280 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50671 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/infiniband/sw/rxe/rxe_qp.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/48cd7098e71735ccafa0b3cf27c53924f9cb5b2f https://git.kernel.org/stable/c/eca119693010032d6cc6e7e9b4fb2c363c7e12ce https://git.kernel.org/stable/c/9c5dd6993c794703e74c6ba17ac78ca0211ef940 https://git.kernel.org/stable/c/0d773c58d702f0a7c16ee8d69617fd2c28350795 https://git.kernel.org/stable/c/cdce36a88def550773142a34ef727a830cad96a8 https://git.kernel.org/stable/c/f2f405af70e6f0419e718d23fa304798a5405c41 https://git.kernel.org/stable/c/bb33fa65da77f5f02dbee6f25cebaeedfcd70028 https://git.kernel.org/stable/c/3b8752f086eb6865cc3662ad13249b03024501e5 https://git.kernel.org/stable/c/a625ca30eff806395175ebad3ac1399014bdb280