CVE-2022-49321

xprtrdma: treat all calls not a bcall when bc_serv is NULL

Description

In the Linux kernel, the following vulnerability has been resolved: xprtrdma: treat all calls not a bcall when bc_serv is NULL When a rdma server returns a fault format reply, nfs v3 client may treats it as a bcall when bc service is not exist. The debug message at rpcrdma_bc_receive_call are, [56579.837169] RPC: rpcrdma_bc_receive_call: callback XID 00000001, length=20 [56579.837174] RPC: rpcrdma_bc_receive_call: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 After that, rpcrdma_bc_receive_call will meets NULL pointer as, [ 226.057890] BUG: unable to handle kernel NULL pointer dereference at 00000000000000c8 ... [ 226.058704] RIP: 0010:_raw_spin_lock+0xc/0x20 ... [ 226.059732] Call Trace: [ 226.059878] rpcrdma_bc_receive_call+0x138/0x327 [rpcrdma] [ 226.060011] __ib_process_cq+0x89/0x170 [ib_core] [ 226.060092] ib_cq_poll_work+0x26/0x80 [ib_core] [ 226.060257] process_one_work+0x1a7/0x360 [ 226.060367] ? create_worker+0x1a0/0x1a0 [ 226.060440] worker_thread+0x30/0x390 [ 226.060500] ? create_worker+0x1a0/0x1a0 [ 226.060574] kthread+0x116/0x130 [ 226.060661] ? kthread_flush_work_fn+0x10/0x10 [ 226.060724] ret_from_fork+0x35/0x40 ...

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.07%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/8e3943c50764dc7c5f25911970c3ff062ec1f18c patch
https://git.kernel.org/stable/c/998d35a2aff4b81a1c784f3aa45cd3afff6814c1 patch
https://git.kernel.org/stable/c/da99331fa62131a38a0947a8204c5208de7b0454 patch
https://git.kernel.org/stable/c/8dbae5affbdbf524b48000f9d357925bb001e5f4 patch
https://git.kernel.org/stable/c/a3fc8051ee061e31db13e2fe011e8e0b71a7f815 patch
https://git.kernel.org/stable/c/90c4f73104016748533a5707ecd15930fbeff402 patch
https://git.kernel.org/stable/c/91784f3d77b73885e1b2e6b59d3cbf0de0a1126a patch
https://git.kernel.org/stable/c/11270e7ca268e8d61b5d9e5c3a54bd1550642c9c patch

Frequently Asked Questions

What is the severity of CVE-2022-49321?
CVE-2022-49321 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49321?
To fix CVE-2022-49321, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49321 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49321 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49321?
CVE-2022-49321 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.