CVE-2022-49076
- Source
- https://cve.org/CVERecord?id=CVE-2022-49076
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49076.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-49076
- Downstream
- Related
- Published
- 2025-02-26T01:54:39.251Z
- Modified
- 2026-03-12T03:24:34.281068Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- RDMA/hfi1: Fix use-after-free bug for mm struct
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hfi1: Fix use-after-free bug for mm struct
Under certain conditions, such as MPIAbort, the hfi1 cleanup code may represent the last reference held on the task mm. hfi1mmurbunregister() then drops the last reference and the mm is freed before the final use in hfi1releaseuserpages(). A new task may allocate the mm structure while it is still being used, resulting in problems. One manifestation is corruption of the mmapsem counter leading to a hang in down_write(). Another is corruption of an mm struct that is in use by another task.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49076.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0b7186d657ee55e2cdefae498f07d5c1961e8023
- https://git.kernel.org/stable/c/2bbac98d0930e8161b1957dc0ec99de39ade1b3c
- https://git.kernel.org/stable/c/5a9a1b24ddb510715f8f621263938186579a965c
- https://git.kernel.org/stable/c/5f54364ff6cfcd14cddf5441c4a490bb28dd69f7
- https://git.kernel.org/stable/c/9ca11bd8222a612de0d2f54d050bfcf61ae2883f
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49076.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-49076
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3d2a9d642512c21a12d19b9250e7a835dcb41a79Fixed5f54364ff6cfcd14cddf5441c4a490bb28dd69f7Fixed9ca11bd8222a612de0d2f54d050bfcf61ae2883fFixed0b7186d657ee55e2cdefae498f07d5c1961e8023Fixed5a9a1b24ddb510715f8f621263938186579a965cFixed2bbac98d0930e8161b1957dc0ec99de39ade1b3c
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected5732f83596f8a573f2cde814cc76a54e1a8995c7