CVE-2022-49931

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49931
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49931.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49931
Downstream
Related
Published
2025-05-01T15:16:19Z
Modified
2025-10-01T15:15:41Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

IB/hfi1: Correctly move list in sc_disable()

Commit 13bac861952a ("IB/hfi1: Fix abba locking issue with sc_disable()") incorrectly tries to move a list from one list head to another. The result is a kernel crash.

The crash is triggered when a link goes down and there are waiters for a send to complete. The following signature is seen:

BUG: kernel NULL pointer dereference, address: 0000000000000030 [...] Call Trace: scdisable+0x1ba/0x240 [hfi1] piofreeze+0x3d/0x60 [hfi1] handlefreeze+0x27/0x1b0 [hfi1] processonework+0x1b0/0x380 ? processonework+0x380/0x380 workerthread+0x30/0x360 ? processonework+0x380/0x380 kthread+0xd7/0x100 ? kthreadcompleteandexit+0x20/0x20 retfrom_fork+0x1f/0x30

The fix is to use the correct call to move the list.

References

Affected packages