In the Linux kernel, the following vulnerability has been resolved:
RDMA/core: Fix null-ptr-deref in ibcorecleanup()
KASAN reported a null-ptr-deref error:
KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] CPU: 1 PID: 379 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:destroyworkqueue+0x2f/0x740 RSP: 0018:ffff888016137df8 EFLAGS: 00000202 ... Call Trace: ibcorecleanup+0xa/0xa1 [ibcore] _dosysdeletemodule.constprop.0+0x34f/0x5b0 dosyscall64+0x3a/0x90 entrySYSCALL64afterhwframe+0x63/0xcd RIP: 0033:0x7fa1a0d221b7 ...
It is because the fail of rocegidmgmt_init() is ignored:
ibcoreinit() rocegidmgmtinit() gidcachewq = allocorderedworkqueue # fail ... ibcorecleanup() rocegidmgmtcleanup() destroyworkqueue(gidcache_wq) # destroy an unallocated wq
Fix this by catching the fail of rocegidmgmtinit() in ibcore_init().
{ "vanir_signatures": [ { "target": { "file": "drivers/infiniband/core/nldev.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "141691486292809901553293437392683842725", "295132468037869662615655068934484593314", "51399113618736171801704867825786942816", "148612343301463195634540681858457379362" ] }, "id": "CVE-2022-49925-094170fc", "deprecated": false, "signature_type": "Line", "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6b3d5dcb12347f3518308c2c9d2cf72453a3e1e5" }, { "target": { "file": "drivers/infiniband/core/device.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "133330177815201955651171792674595060812", "279580113582264345386112607164124150471", "19137795206687411341341451719406373782", "90020469481142123758568475952026220595", "244568974030114300444595702100122499838" ] }, "id": "CVE-2022-49925-107d65c4", "deprecated": false, "signature_type": "Line", "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d360e875c011a005628525bf290322058927e7dc" }, { "target": { "file": "drivers/infiniband/core/device.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "133330177815201955651171792674595060812", "279580113582264345386112607164124150471", "19137795206687411341341451719406373782", "90020469481142123758568475952026220595", "244568974030114300444595702100122499838" ] }, "id": "CVE-2022-49925-1f0f1d46", "deprecated": false, "signature_type": "Line", "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@07c0d131cc0fe1f3981a42958fc52d573d303d89" }, { "target": { "file": "drivers/infiniband/core/nldev.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "141691486292809901553293437392683842725", "295132468037869662615655068934484593314", "51399113618736171801704867825786942816", "148612343301463195634540681858457379362" ] }, "id": "CVE-2022-49925-521aff88", "deprecated": false, "signature_type": "Line", "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d360e875c011a005628525bf290322058927e7dc" }, { "target": { "file": "drivers/infiniband/core/device.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "133330177815201955651171792674595060812", "279580113582264345386112607164124150471", "19137795206687411341341451719406373782", "90020469481142123758568475952026220595", "244568974030114300444595702100122499838" ] }, "id": "CVE-2022-49925-5b9f9488", "deprecated": false, "signature_type": "Line", "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6b3d5dcb12347f3518308c2c9d2cf72453a3e1e5" }, { "target": { "file": "drivers/infiniband/core/nldev.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "141691486292809901553293437392683842725", "295132468037869662615655068934484593314", "51399113618736171801704867825786942816", "148612343301463195634540681858457379362" ] }, "id": "CVE-2022-49925-631e79aa", "deprecated": false, "signature_type": "Line", "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@07c0d131cc0fe1f3981a42958fc52d573d303d89" }, { "target": { "file": "drivers/infiniband/core/device.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "133330177815201955651171792674595060812", "279580113582264345386112607164124150471", "19137795206687411341341451719406373782", "90020469481142123758568475952026220595", "244568974030114300444595702100122499838" ] }, "id": "CVE-2022-49925-63f055d6", "deprecated": false, "signature_type": "Line", "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ab817f75e5e0fa58d9be0825da6a7b7d8a1fa1d9" }, { "target": { "file": "drivers/infiniband/core/nldev.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "141691486292809901553293437392683842725", "295132468037869662615655068934484593314", "51399113618736171801704867825786942816", "148612343301463195634540681858457379362" ] }, "id": "CVE-2022-49925-64664fea", "deprecated": false, "signature_type": "Line", "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@af8fb5a0600e9ae29950e9422a032c3c22649ee5" }, { "target": { "function": "ib_core_init", "file": "drivers/infiniband/core/device.c" }, "digest": { "length": 1520.0, "function_hash": "284451858935650226657720097626628083528" }, "id": "CVE-2022-49925-6db09344", "deprecated": false, "signature_type": "Function", "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d360e875c011a005628525bf290322058927e7dc" }, { "target": { "function": "ib_core_init", "file": "drivers/infiniband/core/device.c" }, "digest": { "length": 1650.0, "function_hash": "264671018060257860700727277795686424074" }, "id": "CVE-2022-49925-8d2047e6", "deprecated": false, "signature_type": "Function", "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ab817f75e5e0fa58d9be0825da6a7b7d8a1fa1d9" }, { "target": { "function": "ib_core_init", "file": "drivers/infiniband/core/device.c" }, "digest": { "length": 1519.0, "function_hash": "197581979314599382343527722964249600793" }, "id": "CVE-2022-49925-937bad62", "deprecated": false, "signature_type": "Function", "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@af8fb5a0600e9ae29950e9422a032c3c22649ee5" }, { "target": { "function": "ib_core_init", "file": "drivers/infiniband/core/device.c" }, "digest": { "length": 1650.0, "function_hash": "264671018060257860700727277795686424074" }, "id": "CVE-2022-49925-97f7c449", "deprecated": false, "signature_type": "Function", "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@07c0d131cc0fe1f3981a42958fc52d573d303d89" }, { "target": { "file": "drivers/infiniband/core/device.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "133330177815201955651171792674595060812", "279580113582264345386112607164124150471", "19137795206687411341341451719406373782", "90020469481142123758568475952026220595", "244568974030114300444595702100122499838" ] }, "id": "CVE-2022-49925-c08bf71a", "deprecated": false, "signature_type": "Line", "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@af8fb5a0600e9ae29950e9422a032c3c22649ee5" }, { "target": { "file": "drivers/infiniband/core/nldev.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "141691486292809901553293437392683842725", "295132468037869662615655068934484593314", "51399113618736171801704867825786942816", "148612343301463195634540681858457379362" ] }, "id": "CVE-2022-49925-d7c10717", "deprecated": false, "signature_type": "Line", "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ab817f75e5e0fa58d9be0825da6a7b7d8a1fa1d9" }, { "target": { "function": "ib_core_init", "file": "drivers/infiniband/core/device.c" }, "digest": { "length": 1520.0, "function_hash": "284451858935650226657720097626628083528" }, "id": "CVE-2022-49925-e2461454", "deprecated": false, "signature_type": "Function", "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6b3d5dcb12347f3518308c2c9d2cf72453a3e1e5" } ] }