CVE-2022-48728
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-48728
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48728.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-48728
- Downstream
- Related
- Published
- 2024-06-20T11:13:17Z
- Modified
- 2025-10-15T16:08:53.333942Z
- Summary
- IB/hfi1: Fix AIP early init panic
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
IB/hfi1: Fix AIP early init panic
An early failure in hfi1ipoibsetup_rn() can lead to the following panic:
BUG: unable to handle kernel NULL pointer dereference at 00000000000001b0 PGD 0 P4D 0 Oops: 0002 [#1] SMP NOPTI Workqueue: events workforcpufn RIP: 0010:trytograbpending+0x2b/0x140 Code: 1f 44 00 00 41 55 41 54 55 48 89 d5 53 48 89 fb 9c 58 0f 1f 44 00 00 48 89 c2 fa 66 0f 1f 44 00 00 48 89 55 00 40 84 f6 75 77 <f0> 48 0f ba 2b 00 72 09 31 c0 5b 5d 41 5c 41 5d c3 48 89 df e8 6c RSP: 0018:ffffb6b3cf7cfa48 EFLAGS: 00010046 RAX: 0000000000000246 RBX: 00000000000001b0 RCX: 0000000000000000 RDX: 0000000000000246 RSI: 0000000000000000 RDI: 00000000000001b0 RBP: ffffb6b3cf7cfa70 R08: 0000000000000f09 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 R13: ffffb6b3cf7cfa90 R14: ffffffff9b2fbfc0 R15: ffff8a4fdf244690 FS: 0000000000000000(0000) GS:ffff8a527f400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000001b0 CR3: 00000017e2410003 CR4: 00000000007706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: _cancelworktimer+0x42/0x190 ? devprintkemit+0x4e/0x70 iowaitcancelwork+0x15/0x30 [hfi1] hfi1ipoibtxreqdeinit+0x5a/0x220 [hfi1] ? deverr+0x6c/0x90 hfi1ipoibnetdevdtor+0x15/0x30 [hfi1] hfi1ipoibsetuprn+0x10e/0x150 [hfi1] rdmainitnetdev+0x5a/0x80 [ibcore] ? hfi1ipoibfreerdmanetdev+0x20/0x20 [hfi1] ipoibintfinit+0x6c/0x350 [ibipoib] ipoibintfalloc+0x5c/0xc0 [ibipoib] ipoibaddone+0xbe/0x300 [ibipoib] addclientcontext+0x12c/0x1a0 [ibcore] enabledeviceandget+0xdc/0x1d0 [ibcore] ibregisterdevice+0x572/0x6b0 [ibcore] rvtregisterdevice+0x11b/0x220 [rdmavt] hfi1registeribdevice+0x6b4/0x770 [hfi1] doinitone.isra.20+0x3e3/0x680 [hfi1] localpciprobe+0x41/0x90 workforcpufn+0x16/0x20 processonework+0x1a7/0x360 ? createworker+0x1a0/0x1a0 workerthread+0x1cf/0x390 ? createworker+0x1a0/0x1a0 kthread+0x116/0x130 ? kthreadflushworkfn+0x10/0x10 retfrom_fork+0x1f/0x40
The panic happens in hfi1ipoibtxreqdeinit() because there is a NULL deref when hfi1ipoibnetdevdtor() is called in this error case.
hfi1ipoibtxreqinit() and hfi1ipoibrxqinit() are self unwinding so fix by adjusting the error paths accordingly.
Other changes: - hfi1ipoibfreerdmanetdev() is deleted including the freenetdev() since the netdev core code deletes calls freenetdev() - The switch to the accelerated entrances is moved to the success path.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1899c3cad265c4583658aed5293d02e8af84276b
- https://git.kernel.org/stable/c/4a9bd1e6780fc59f81466ec3489d5ad535a37190
- https://git.kernel.org/stable/c/5f8f55b92edd621f056bdf09e572092849fabd83
- https://git.kernel.org/stable/c/a3dd4d2682f2a796121609e5f3bbeb1243198c53
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd99dc602e2a55a99940ba9506a7126dfa54d54eaFixed4a9bd1e6780fc59f81466ec3489d5ad535a37190
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd99dc602e2a55a99940ba9506a7126dfa54d54eaFixeda3dd4d2682f2a796121609e5f3bbeb1243198c53
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd99dc602e2a55a99940ba9506a7126dfa54d54eaFixed1899c3cad265c4583658aed5293d02e8af84276b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd99dc602e2a55a99940ba9506a7126dfa54d54eaFixed5f8f55b92edd621f056bdf09e572092849fabd83
Affected versions
v5.*
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.10.1
v5.10.10
v5.10.11
v5.10.12
v5.10.13
v5.10.14
v5.10.15
v5.10.16
v5.10.17
v5.10.18
v5.10.19
v5.10.2
v5.10.20
v5.10.21
v5.10.22
v5.10.23
v5.10.24
v5.10.25
v5.10.26
v5.10.27
v5.10.28
v5.10.29
v5.10.3
v5.10.30
v5.10.31
v5.10.32
v5.10.33
v5.10.34
v5.10.35
v5.10.36
v5.10.37
v5.10.38
v5.10.39
v5.10.4
v5.10.40
v5.10.41
v5.10.42
v5.10.43
v5.10.44
v5.10.45
v5.10.46
v5.10.47
v5.10.48
v5.10.49
v5.10.5
v5.10.50
v5.10.51
v5.10.52
v5.10.53
v5.10.54
v5.10.55
v5.10.56
v5.10.57
v5.10.58
v5.10.59
v5.10.6
v5.10.60
v5.10.61
v5.10.62
v5.10.63
v5.10.64
v5.10.65
v5.10.66
v5.10.67
v5.10.68
v5.10.69
v5.10.7
v5.10.70
v5.10.71
v5.10.72
v5.10.73
v5.10.74
v5.10.75
v5.10.76
v5.10.77
v5.10.78
v5.10.79
v5.10.8
v5.10.80
v5.10.81
v5.10.82
v5.10.83
v5.10.84
v5.10.85
v5.10.86
v5.10.87
v5.10.88
v5.10.89
v5.10.9
v5.10.90
v5.10.91
v5.10.92
v5.10.93
v5.10.94
v5.10.95
v5.10.96
v5.10.97
v5.10.98
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.3
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.16.1
v5.16.2
v5.16.3
v5.16.4
v5.16.5
v5.16.6
v5.16.7
v5.17-rc1
v5.7
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
Database specific
vanir_signatures
[
{
"id": "CVE-2022-48728-024532d0",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "266522972568117283453307769295428542856",
"length": 1070.0
},
"target": {
"file": "drivers/infiniband/hw/hfi1/ipoib_main.c",
"function": "hfi1_ipoib_setup_rn"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4a9bd1e6780fc59f81466ec3489d5ad535a37190"
},
{
"id": "CVE-2022-48728-20f5493a",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"73486512125740363575142000222208339405",
"303756635059008556472373682453041722187",
"297378894733851590518544831106403921613",
"11841102003801101726729024559303483145",
"332498089753238599614040866166982881986",
"8573033363363991417677570048922789815",
"214973427734504575477399018482227822737",
"55795854909431414019838485346915293376",
"130869657938083526559964442606520092418",
"205214953732722132806397917833701072448",
"295844482843892377903184372977643185420",
"220536664802959465877049449360159482842",
"73099564356571421976332327052429016240",
"86985721094753118515698970725501109386",
"66147632570679831305609096188110960526",
"237074240636874636680031879920495464764",
"28451459119698457200317003744989048122",
"269120757955929073331280389709109261933",
"203245714865969760125340750198331045201",
"69111544407246775822075464572946068494",
"149367584246250211891008414971264376520",
"133592269407676558961816939074962609567",
"23157426110058310713063023283393999737",
"84903473063537889890384935239174386659",
"128219272329025836070011879769976295237"
],
"threshold": 0.9
},
"target": {
"file": "drivers/infiniband/hw/hfi1/ipoib_main.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1899c3cad265c4583658aed5293d02e8af84276b"
},
{
"id": "CVE-2022-48728-2dadf800",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "22966104932178912732848047532441781462",
"length": 85.0
},
"target": {
"file": "drivers/infiniband/hw/hfi1/ipoib_main.c",
"function": "hfi1_ipoib_free_rdma_netdev"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1899c3cad265c4583658aed5293d02e8af84276b"
},
{
"id": "CVE-2022-48728-5078635a",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"73486512125740363575142000222208339405",
"303756635059008556472373682453041722187",
"297378894733851590518544831106403921613",
"11841102003801101726729024559303483145",
"332498089753238599614040866166982881986",
"8573033363363991417677570048922789815",
"214973427734504575477399018482227822737",
"55795854909431414019838485346915293376",
"130869657938083526559964442606520092418",
"205214953732722132806397917833701072448",
"295844482843892377903184372977643185420",
"220536664802959465877049449360159482842",
"73099564356571421976332327052429016240",
"86985721094753118515698970725501109386",
"66147632570679831305609096188110960526",
"237074240636874636680031879920495464764",
"28451459119698457200317003744989048122",
"269120757955929073331280389709109261933",
"203245714865969760125340750198331045201",
"69111544407246775822075464572946068494",
"149367584246250211891008414971264376520",
"133592269407676558961816939074962609567",
"23157426110058310713063023283393999737",
"84903473063537889890384935239174386659",
"128219272329025836070011879769976295237"
],
"threshold": 0.9
},
"target": {
"file": "drivers/infiniband/hw/hfi1/ipoib_main.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5f8f55b92edd621f056bdf09e572092849fabd83"
},
{
"id": "CVE-2022-48728-5f70b3d3",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "22966104932178912732848047532441781462",
"length": 85.0
},
"target": {
"file": "drivers/infiniband/hw/hfi1/ipoib_main.c",
"function": "hfi1_ipoib_free_rdma_netdev"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4a9bd1e6780fc59f81466ec3489d5ad535a37190"
},
{
"id": "CVE-2022-48728-870d241e",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "253243245172635566525277703382383442575",
"length": 1114.0
},
"target": {
"file": "drivers/infiniband/hw/hfi1/ipoib_main.c",
"function": "hfi1_ipoib_setup_rn"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1899c3cad265c4583658aed5293d02e8af84276b"
},
{
"id": "CVE-2022-48728-c0521efa",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "22966104932178912732848047532441781462",
"length": 85.0
},
"target": {
"file": "drivers/infiniband/hw/hfi1/ipoib_main.c",
"function": "hfi1_ipoib_free_rdma_netdev"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5f8f55b92edd621f056bdf09e572092849fabd83"
},
{
"id": "CVE-2022-48728-cdaea679",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "253243245172635566525277703382383442575",
"length": 1114.0
},
"target": {
"file": "drivers/infiniband/hw/hfi1/ipoib_main.c",
"function": "hfi1_ipoib_setup_rn"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5f8f55b92edd621f056bdf09e572092849fabd83"
},
{
"id": "CVE-2022-48728-e12ce94a",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"210996282885884573689135299930380624214",
"137337676099309688355603830552578139810",
"297378894733851590518544831106403921613",
"11841102003801101726729024559303483145",
"332498089753238599614040866166982881986",
"8573033363363991417677570048922789815",
"214973427734504575477399018482227822737",
"55795854909431414019838485346915293376",
"130869657938083526559964442606520092418",
"205214953732722132806397917833701072448",
"295844482843892377903184372977643185420",
"220536664802959465877049449360159482842",
"73099564356571421976332327052429016240",
"86985721094753118515698970725501109386",
"66147632570679831305609096188110960526",
"237074240636874636680031879920495464764",
"28451459119698457200317003744989048122",
"269120757955929073331280389709109261933",
"203245714865969760125340750198331045201",
"69111544407246775822075464572946068494",
"149367584246250211891008414971264376520",
"133592269407676558961816939074962609567",
"23157426110058310713063023283393999737",
"84903473063537889890384935239174386659",
"128219272329025836070011879769976295237"
],
"threshold": 0.9
},
"target": {
"file": "drivers/infiniband/hw/hfi1/ipoib_main.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4a9bd1e6780fc59f81466ec3489d5ad535a37190"
},
{
"id": "CVE-2022-48728-f6c5b487",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "22966104932178912732848047532441781462",
"length": 85.0
},
"target": {
"file": "drivers/infiniband/hw/hfi1/ipoib_main.c",
"function": "hfi1_ipoib_free_rdma_netdev"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a3dd4d2682f2a796121609e5f3bbeb1243198c53"
},
{
"id": "CVE-2022-48728-f7a7b54d",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "253243245172635566525277703382383442575",
"length": 1114.0
},
"target": {
"file": "drivers/infiniband/hw/hfi1/ipoib_main.c",
"function": "hfi1_ipoib_setup_rn"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a3dd4d2682f2a796121609e5f3bbeb1243198c53"
},
{
"id": "CVE-2022-48728-fdd8e960",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"73486512125740363575142000222208339405",
"303756635059008556472373682453041722187",
"297378894733851590518544831106403921613",
"11841102003801101726729024559303483145",
"332498089753238599614040866166982881986",
"8573033363363991417677570048922789815",
"214973427734504575477399018482227822737",
"55795854909431414019838485346915293376",
"130869657938083526559964442606520092418",
"205214953732722132806397917833701072448",
"295844482843892377903184372977643185420",
"220536664802959465877049449360159482842",
"73099564356571421976332327052429016240",
"86985721094753118515698970725501109386",
"66147632570679831305609096188110960526",
"237074240636874636680031879920495464764",
"28451459119698457200317003744989048122",
"269120757955929073331280389709109261933",
"203245714865969760125340750198331045201",
"69111544407246775822075464572946068494",
"149367584246250211891008414971264376520",
"133592269407676558961816939074962609567",
"23157426110058310713063023283393999737",
"84903473063537889890384935239174386659",
"128219272329025836070011879769976295237"
],
"threshold": 0.9
},
"target": {
"file": "drivers/infiniband/hw/hfi1/ipoib_main.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a3dd4d2682f2a796121609e5f3bbeb1243198c53"
}
]