CVE-2022-48692

Source: https://nvd.nist.gov/vuln/detail/CVE-2022-48692
Import Source: https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48692.json
JSON Data: https://api.test.osv.dev/v1/vulns/CVE-2022-48692
Published: 2024-05-03T15:05:31Z
Modified: 2025-10-15T15:15:40.342861Z
Summary
RDMA/srp: Set scmnd->result only when scmnd is not NULL
Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/srp: Set scmnd->result only when scmnd is not NULL

This change fixes the following kernel NULL pointer dereference which is reproduced by blktests srp/007 occasionally.

BUG: kernel NULL pointer dereference, address: 0000000000000170
PGD 0 P4D 0
Oops: 0002 [#1] PREEMPT SMP NOPTI
CPU: 0 PID: 9 Comm: kworker/0:1H Kdump: loaded Not tainted 6.0.0-rc1+ #37
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.15.0-29-g6a62e0cb0dfe-prebuilt.qemu.org 04/01/2014
Workqueue: 0x0 (kblockd)
RIP: 0010:srp_recv_done+0x176/0x500 [ib_srp]
Code: 00 4d 85 ff 0f 84 52 02 00 00 48 c7 82 80 02 00 00 00 00 00 00 4c 89 df 4c 89 14 24 e8 53 d3 4a f6 4c 8b 14 24 41 0f b6 42 13 <41> 89 87 70 01 00 00 41 0f b6 52 12 f6 c2 02 74 44 41 8b 42 1c b9
RSP: 0018:ffffaef7c0003e28 EFLAGS: 00000282
RAX: 0000000000000000 RBX: ffff9bc9486dea60 RCX: 0000000000000000
RDX: 0000000000000102 RSI: ffffffffb76bbd0e RDI: 00000000ffffffff
RBP: ffff9bc980099a00 R08: 0000000000000001 R09: 0000000000000001
R10: ffff9bca53ef0000 R11: ffff9bc980099a10 R12: ffff9bc956e14000
R13: ffff9bc9836b9cb0 R14: ffff9bc9557b4480 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff9bc97ec00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000170 CR3: 0000000007e04000 CR4: 00000000000006f0
Call Trace:
 <IRQ>
 __ib_process_cq+0xb7/0x280 [ib_core]
 ib_poll_handler+0x2b/0x130 [ib_core]
 irq_poll_softirq+0x93/0x150
 __do_softirq+0xee/0x4b8
 irq_exit_rcu+0xf7/0x130
 sysvec_apic_timer_interrupt+0x8e/0xc0
 </IRQ>

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: 81982125c352f2db1012c2cd37487e6c0c3b7da8
  Fixed: f022576aa03c2385ea7f2b27ee5b331e43abf624

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: ad215aaea4f9d637f441566cdbbc610e9849e1fa
  Fixed: a8edd49c94b4b08019ed7d6dd794fca8078a4deb

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: ad215aaea4f9d637f441566cdbbc610e9849e1fa
  Fixed: f2c70f56f762e5dc3b0d7dc438fbb137cb116413

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: ad215aaea4f9d637f441566cdbbc610e9849e1fa
  Fixed: 12f35199a2c0551187edbf8eb01379f0598659fa

Affected versions

v5.*

v5.13
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.64
v5.15.65
v5.15.66
v5.15.67
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.19.1
v5.19.2
v5.19.3
v5.19.4
v5.19.5
v5.19.6
v5.19.7
v5.19.8

v6.*

v6.0-rc1

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "id": "CVE-2022-48692-13d6055d",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f022576aa03c2385ea7f2b27ee5b331e43abf624",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "srp_process_rsp",
            "file": "drivers/infiniband/ulp/srp/ib_srp.c"
        },
        "digest": {
            "function_hash": "191306471774200159976326629651867564138",
            "length": 1725.0
        }
    },
    {
        "signature_type": "Line",
        "id": "CVE-2022-48692-193a1cbd",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f022576aa03c2385ea7f2b27ee5b331e43abf624",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/infiniband/ulp/srp/ib_srp.c"
        },
        "digest": {
            "line_hashes": [
                "176806606749995853815201559954508489428",
                "82577325683631547121327704081246526939",
                "276815550306726679961660956871192130850",
                "89129374942809069481756805392805062250"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Line",
        "id": "CVE-2022-48692-1fe61943",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@12f35199a2c0551187edbf8eb01379f0598659fa",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/infiniband/ulp/srp/ib_srp.c"
        },
        "digest": {
            "line_hashes": [
                "176806606749995853815201559954508489428",
                "82577325683631547121327704081246526939",
                "276815550306726679961660956871192130850",
                "89129374942809069481756805392805062250"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Line",
        "id": "CVE-2022-48692-4e1a8f80",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f2c70f56f762e5dc3b0d7dc438fbb137cb116413",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/infiniband/ulp/srp/ib_srp.c"
        },
        "digest": {
            "line_hashes": [
                "176806606749995853815201559954508489428",
                "82577325683631547121327704081246526939",
                "276815550306726679961660956871192130850",
                "89129374942809069481756805392805062250"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Function",
        "id": "CVE-2022-48692-52371e08",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f2c70f56f762e5dc3b0d7dc438fbb137cb116413",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "srp_process_rsp",
            "file": "drivers/infiniband/ulp/srp/ib_srp.c"
        },
        "digest": {
            "function_hash": "290935863180955191939892359227301274686",
            "length": 1960.0
        }
    },
    {
        "signature_type": "Function",
        "id": "CVE-2022-48692-860af0de",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a8edd49c94b4b08019ed7d6dd794fca8078a4deb",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "srp_process_rsp",
            "file": "drivers/infiniband/ulp/srp/ib_srp.c"
        },
        "digest": {
            "function_hash": "130985280365267051250047933746040349433",
            "length": 1968.0
        }
    },
    {
        "signature_type": "Line",
        "id": "CVE-2022-48692-e162a9ea",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a8edd49c94b4b08019ed7d6dd794fca8078a4deb",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/infiniband/ulp/srp/ib_srp.c"
        },
        "digest": {
            "line_hashes": [
                "176806606749995853815201559954508489428",
                "82577325683631547121327704081246526939",
                "276815550306726679961660956871192130850",
                "89129374942809069481756805392805062250"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Function",
        "id": "CVE-2022-48692-ef06cba4",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@12f35199a2c0551187edbf8eb01379f0598659fa",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "srp_process_rsp",
            "file": "drivers/infiniband/ulp/srp/ib_srp.c"
        },
        "digest": {
            "function_hash": "290935863180955191939892359227301274686",
            "length": 1960.0
        }
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type: ECOSYSTEM
Events:
  Introduced: 5.14.0
  Fixed: 5.15.68

Type: ECOSYSTEM
Events:
  Introduced: 5.16.0
  Fixed: 5.19.9