{ "threat_severity" : "Moderate", "public_date" : "2025-12-30T00:00:00Z", "bugzilla" : { "description" : "kernel: Linux kernel: Denial of Service in RDMA/rxe due to null-pointer dereference", "id" : "2426080", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2426080" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-476", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nRDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed\nThere is a null-ptr-deref when mount.cifs over rdma:\nBUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup+0x2f3/0x360 [rdma_rxe]\nRead of size 8 at addr 0000000000000018 by task mount.cifs/3046\nCPU: 2 PID: 3046 Comm: mount.cifs Not tainted 6.1.0-rc5+ #62\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc3\nCall Trace:\n\ndump_stack_lvl+0x34/0x44\nkasan_report+0xad/0x130\nrxe_qp_do_cleanup+0x2f3/0x360 [rdma_rxe]\nexecute_in_process_context+0x25/0x90\n__rxe_cleanup+0x101/0x1d0 [rdma_rxe]\nrxe_create_qp+0x16a/0x180 [rdma_rxe]\ncreate_qp.part.0+0x27d/0x340\nib_create_qp_kernel+0x73/0x160\nrdma_create_qp+0x100/0x230\n_smbd_get_connection+0x752/0x20f0\nsmbd_get_connection+0x21/0x40\ncifs_get_tcp_session+0x8ef/0xda0\nmount_get_conns+0x60/0x750\ncifs_mount+0x103/0xd00\ncifs_smb3_do_mount+0x1dd/0xcb0\nsmb3_get_tree+0x1d5/0x300\nvfs_get_tree+0x41/0xf0\npath_mount+0x9b3/0xdd0\n__x64_sys_mount+0x190/0x1d0\ndo_syscall_64+0x35/0x80\nentry_SYSCALL_64_after_hwframe+0x46/0xb0\nThe root cause of the issue is the socket create failed in\nrxe_qp_init_req().\nSo move the reset rxe_qp_do_cleanup() after the NULL ptr check.", "A flaw was found in the Linux kernel. A local user could trigger a null-pointer dereference within the Remote Direct Memory Access (RDMA) subsystem's rxe component. This occurs when a socket creation fails, leading to a system crash and a Denial of Service (DoS)." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50885\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50885\nhttps://lore.kernel.org/linux-cve-announce/2025123020-CVE-2022-50885-c207@gregkh/T" ], "name" : "CVE-2022-50885", "csaw" : false }