CVE-2022-50885
- Source
- https://cve.org/CVERecord?id=CVE-2022-50885
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50885.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-50885
- Downstream
- Related
- Published
- 2025-12-30T12:34:12.093Z
- Modified
- 2026-03-12T03:21:52.778154Z
- Summary
- RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rxe: Fix NULL-ptr-deref in rxeqpdo_cleanup() when socket create failed
There is a null-ptr-deref when mount.cifs over rdma:
BUG: KASAN: null-ptr-deref in rxeqpdocleanup+0x2f3/0x360 [rdmarxe] Read of size 8 at addr 0000000000000018 by task mount.cifs/3046
CPU: 2 PID: 3046 Comm: mount.cifs Not tainted 6.1.0-rc5+ #62 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc3 Call Trace: <TASK> dumpstacklvl+0x34/0x44 kasanreport+0xad/0x130 rxeqpdocleanup+0x2f3/0x360 [rdmarxe] executeinprocesscontext+0x25/0x90 __rxecleanup+0x101/0x1d0 [rdmarxe] rxecreateqp+0x16a/0x180 [rdmarxe] createqp.part.0+0x27d/0x340 ibcreateqpkernel+0x73/0x160 rdmacreateqp+0x100/0x230 smbdgetconnection+0x752/0x20f0 smbdgetconnection+0x21/0x40 cifsgettcpsession+0x8ef/0xda0 mountgetconns+0x60/0x750 cifsmount+0x103/0xd00 cifssmb3domount+0x1dd/0xcb0 smb3gettree+0x1d5/0x300 vfsgettree+0x41/0xf0 pathmount+0x9b3/0xdd0 __x64sysmount+0x190/0x1d0 dosyscall64+0x35/0x80 entrySYSCALL64afterhwframe+0x46/0xb0
The root cause of the issue is the socket create failed in rxeqpinit_req().
So move the reset rxeqpdo_cleanup() after the NULL ptr check.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50885.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/5b924632d84a60bc0c7fe6e9bbbce99d03908957
- https://git.kernel.org/stable/c/6bb5a62bfd624039b05157745c234068508393a9
- https://git.kernel.org/stable/c/7340ca9f782be6fbe3f64a134dc112772764f766
- https://git.kernel.org/stable/c/821f9a18210f6b9fd6792471714c799607b25db4
- https://git.kernel.org/stable/c/bd7106a6004f1077a365ca7f5a99c7a708e20714
- https://git.kernel.org/stable/c/ee24de095569935eba600f7735e8e8ddea5b418e
- https://git.kernel.org/stable/c/f64f08b9e6fb305a25dd75329e06ae342b9ce336
- https://git.kernel.org/stable/c/f67376d801499f4fa0838c18c1efcad8840e550d
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50885.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-50885
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8700e3e7c4857d28ebaa824509934556da0b3e76Fixedee24de095569935eba600f7735e8e8ddea5b418eFixed7340ca9f782be6fbe3f64a134dc112772764f766Fixedbd7106a6004f1077a365ca7f5a99c7a708e20714Fixed6bb5a62bfd624039b05157745c234068508393a9Fixedf64f08b9e6fb305a25dd75329e06ae342b9ce336Fixed5b924632d84a60bc0c7fe6e9bbbce99d03908957Fixed821f9a18210f6b9fd6792471714c799607b25db4Fixedf67376d801499f4fa0838c18c1efcad8840e550d
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.8.0Fixed4.14.303
- Type
- ECOSYSTEM
- Events
-
Introduced4.15.0Fixed4.19.270
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.229
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.163
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.86
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.0.16
- Type
- ECOSYSTEM
- Events
-
Introduced6.1.0Fixed6.1.2