CVE-2022-49429

RDMA/hfi1: Prevent panic when SDMA is disabled

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent panic when SDMA is disabled If the hfi1 module is loaded with HFI1_CAP_SDMA off, a call to hfi1_write_iter() will dereference a NULL pointer and panic. A typical stack frame is: sdma_select_user_engine [hfi1] hfi1_user_sdma_process_request [hfi1] hfi1_write_iter [hfi1] do_iter_readv_writev do_iter_write vfs_writev do_writev do_syscall_64 The fix is to test for SDMA in hfi1_write_iter() and fail the I/O with EINVAL.

N/A
CVSS
Severity:
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/33794e8e9bcb4affc0ebff9cdec85acc8b8a1762
https://git.kernel.org/stable/c/0e4dda8b3f4c07ee9ea670a10ea3171a5e63a86f
https://git.kernel.org/stable/c/e60ad83f645ee6fadd5a8057ba267aeec54f08fe
https://git.kernel.org/stable/c/cc80d3c37cec9d6ddb140483647901bc7cc6c31d
https://git.kernel.org/stable/c/32e6aea33944f364d51cd263e4cd236393a188b6
https://git.kernel.org/stable/c/29952ab85d6c3fe0b7909d9a737f10c58bf6824d
https://git.kernel.org/stable/c/22e7e400fd1a890db2ea13686324aff50e972f4f
https://git.kernel.org/stable/c/629e052d0c98e46dde9f0824f0aa437f678d9b8f

Frequently Asked Questions

What is the severity of CVE-2022-49429?
CVE-2022-49429 has not yet been assigned a CVSS score.
How to fix CVE-2022-49429?
To fix CVE-2022-49429, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49429 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49429 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49429?
CVE-2022-49429 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.