mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
124 lines
8.3 KiB
JSON
124 lines
8.3 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2022-48728",
|
|
"ASSIGNER": "cve@kernel.org",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix AIP early init panic\n\nAn early failure in hfi1_ipoib_setup_rn() can lead to the following panic:\n\n BUG: unable to handle kernel NULL pointer dereference at 00000000000001b0\n PGD 0 P4D 0\n Oops: 0002 [#1] SMP NOPTI\n Workqueue: events work_for_cpu_fn\n RIP: 0010:try_to_grab_pending+0x2b/0x140\n Code: 1f 44 00 00 41 55 41 54 55 48 89 d5 53 48 89 fb 9c 58 0f 1f 44 00 00 48 89 c2 fa 66 0f 1f 44 00 00 48 89 55 00 40 84 f6 75 77 <f0> 48 0f ba 2b 00 72 09 31 c0 5b 5d 41 5c 41 5d c3 48 89 df e8 6c\n RSP: 0018:ffffb6b3cf7cfa48 EFLAGS: 00010046\n RAX: 0000000000000246 RBX: 00000000000001b0 RCX: 0000000000000000\n RDX: 0000000000000246 RSI: 0000000000000000 RDI: 00000000000001b0\n RBP: ffffb6b3cf7cfa70 R08: 0000000000000f09 R09: 0000000000000001\n R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000\n R13: ffffb6b3cf7cfa90 R14: ffffffff9b2fbfc0 R15: ffff8a4fdf244690\n FS: 0000000000000000(0000) GS:ffff8a527f400000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000000001b0 CR3: 00000017e2410003 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n __cancel_work_timer+0x42/0x190\n ? dev_printk_emit+0x4e/0x70\n iowait_cancel_work+0x15/0x30 [hfi1]\n hfi1_ipoib_txreq_deinit+0x5a/0x220 [hfi1]\n ? dev_err+0x6c/0x90\n hfi1_ipoib_netdev_dtor+0x15/0x30 [hfi1]\n hfi1_ipoib_setup_rn+0x10e/0x150 [hfi1]\n rdma_init_netdev+0x5a/0x80 [ib_core]\n ? hfi1_ipoib_free_rdma_netdev+0x20/0x20 [hfi1]\n ipoib_intf_init+0x6c/0x350 [ib_ipoib]\n ipoib_intf_alloc+0x5c/0xc0 [ib_ipoib]\n ipoib_add_one+0xbe/0x300 [ib_ipoib]\n add_client_context+0x12c/0x1a0 [ib_core]\n enable_device_and_get+0xdc/0x1d0 [ib_core]\n ib_register_device+0x572/0x6b0 [ib_core]\n rvt_register_device+0x11b/0x220 [rdmavt]\n hfi1_register_ib_device+0x6b4/0x770 [hfi1]\n do_init_one.isra.20+0x3e3/0x680 [hfi1]\n local_pci_probe+0x41/0x90\n work_for_cpu_fn+0x16/0x20\n process_one_work+0x1a7/0x360\n ? create_worker+0x1a0/0x1a0\n worker_thread+0x1cf/0x390\n ? create_worker+0x1a0/0x1a0\n kthread+0x116/0x130\n ? kthread_flush_work_fn+0x10/0x10\n ret_from_fork+0x1f/0x40\n\nThe panic happens in hfi1_ipoib_txreq_deinit() because there is a NULL\nderef when hfi1_ipoib_netdev_dtor() is called in this error case.\n\nhfi1_ipoib_txreq_init() and hfi1_ipoib_rxq_init() are self unwinding so\nfix by adjusting the error paths accordingly.\n\nOther changes:\n- hfi1_ipoib_free_rdma_netdev() is deleted including the free_netdev()\n since the netdev core code deletes calls free_netdev()\n- The switch to the accelerated entrances is moved to the success path."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Linux",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Linux",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "d99dc602e2a5",
|
|
"version_value": "4a9bd1e6780f"
|
|
},
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "5.8",
|
|
"status": "affected"
|
|
},
|
|
{
|
|
"version": "0",
|
|
"lessThan": "5.8",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.10.99",
|
|
"lessThanOrEqual": "5.10.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.15.22",
|
|
"lessThanOrEqual": "5.15.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.16.8",
|
|
"lessThanOrEqual": "5.16.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.17",
|
|
"lessThanOrEqual": "*",
|
|
"status": "unaffected",
|
|
"versionType": "original_commit_for_fix"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/4a9bd1e6780fc59f81466ec3489d5ad535a37190",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/4a9bd1e6780fc59f81466ec3489d5ad535a37190"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/a3dd4d2682f2a796121609e5f3bbeb1243198c53",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/a3dd4d2682f2a796121609e5f3bbeb1243198c53"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/1899c3cad265c4583658aed5293d02e8af84276b",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/1899c3cad265c4583658aed5293d02e8af84276b"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/5f8f55b92edd621f056bdf09e572092849fabd83",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/5f8f55b92edd621f056bdf09e572092849fabd83"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "bippy-9e1c9544281a"
|
|
}
|
|
} |