CVE-2022-49931

IB/hfi1: Correctly move list in sc_disable()

Description

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Correctly move list in sc_disable() Commit 13bac861952a ("IB/hfi1: Fix abba locking issue with sc_disable()") incorrectly tries to move a list from one list head to another. The result is a kernel crash. The crash is triggered when a link goes down and there are waiters for a send to complete. The following signature is seen: BUG: kernel NULL pointer dereference, address: 0000000000000030 [...] Call Trace: sc_disable+0x1ba/0x240 [hfi1] pio_freeze+0x3d/0x60 [hfi1] handle_freeze+0x27/0x1b0 [hfi1] process_one_work+0x1b0/0x380 ? process_one_work+0x380/0x380 worker_thread+0x30/0x360 ? process_one_work+0x380/0x380 kthread+0xd7/0x100 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x1f/0x30 The fix is to use the correct call to move the list.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/25760a41e3802f54aadcc31385543665ab349b8e patch
https://git.kernel.org/stable/c/7c4260f8f188df32414a5ecad63e8b934c2aa3f0 patch
https://git.kernel.org/stable/c/ba95409d6b580501ff6d78efd00064f7df669926 patch
https://git.kernel.org/stable/c/b8bcff99b07cc175a6ee12a52db51cdd2229586c patch
https://git.kernel.org/stable/c/1afac08b39d85437187bb2a92d89a741b1078f55 patch

Frequently Asked Questions

What is the severity of CVE-2022-49931?
CVE-2022-49931 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49931?
To fix CVE-2022-49931, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49931 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49931 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49931?
CVE-2022-49931 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.