https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Tue, 05 May 2026 19:56:48 +0000 https://vulnerability.circl.lu/sighting/acaa73cb-0fc9-43c0-910a-6f76b94db527/export {"uuid": "acaa73cb-0fc9-43c0-910a-6f76b94db527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48925", "type": "seen", "source": "https://t.me/cvedetector/3851", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48925 - Iberr Corrupts Global State in RDMA/cma\", \n \"Content\": \"CVE ID : CVE-2022-48925 \nPublished : Aug. 22, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nRDMA/cma: Do not change route.addr.src_addr outside state checks \n \nIf the state is not idle then resolve_prepare_src() should immediately \nfail and no change to global state should happen. However, it \nunconditionally overwrites the src_addr trying to build a temporary any \naddress. \n \nFor instance if the state is already RDMA_CM_LISTEN then this will corrupt \nthe src_addr and would cause the test in cma_cancel_operation(): \n \n if (cma_any_addr(cma_src_addr(id_priv)) && !id_priv->cma_dev) \n \nWhich would manifest as this trace from syzkaller: \n \n BUG: KASAN: use-after-free in __list_add_valid+0x93/0xa0 lib/list_debug.c:26 \n Read of size 8 at addr ffff8881546491e0 by task syz-executor.1/32204 \n \n CPU: 1 PID: 32204 Comm: syz-executor.1 Not tainted 5.12.0-rc8-syzkaller #0 \n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 \n Call Trace: \n __dump_stack lib/dump_stack.c:79 [inline] \n dump_stack+0x141/0x1d7 lib/dump_stack.c:120 \n print_address_description.constprop.0.cold+0x5b/0x2f8 mm/kasan/report.c:232 \n __kasan_report mm/kasan/report.c:399 [inline] \n kasan_report.cold+0x7c/0xd8 mm/kasan/report.c:416 \n __list_add_valid+0x93/0xa0 lib/list_debug.c:26 \n __list_add include/linux/list.h:67 [inline] \n list_add_tail include/linux/list.h:100 [inline] \n cma_listen_on_all drivers/infiniband/core/cma.c:2557 [inline] \n rdma_listen+0x787/0xe00 drivers/infiniband/core/cma.c:3751 \n ucma_listen+0x16a/0x210 drivers/infiniband/core/ucma.c:1102 \n ucma_write+0x259/0x350 drivers/infiniband/core/ucma.c:1732 \n vfs_write+0x28e/0xa30 fs/read_write.c:603 \n ksys_write+0x1ee/0x250 fs/read_write.c:658 \n do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 \n entry_SYSCALL_64_after_hwframe+0x44/0xae \n \nThis is indicating that an rdma_id_private was destroyed without doing \ncma_cancel_listens(). \n \nInstead of trying to re-use the src_addr memory to indirectly create an \nany address derived from the dst build one explicitly on the stack and \nbind to that as any other normal flow would do. rdma_bind_addr() will copy \nit over the src_addr once it knows the state is valid. \n \nThis is similar to commit bc0bdc5afaa7 (\"RDMA/cma: Do not change \nroute.addr.src_addr.ss_family\") \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"22 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-22T05:07:51.000000Z"} {"uuid": "acaa73cb-0fc9-43c0-910a-6f76b94db527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48925", "type": "seen", "source": "https://t.me/cvedetector/3851", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48925 - Iberr Corrupts Global State in RDMA/cma\", \n \"Content\": \"CVE ID : CVE-2022-48925 \nPublished : Aug. 22, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nRDMA/cma: Do not change route.addr.src_addr outside state checks \n \nIf the state is not idle then resolve_prepare_src() should immediately \nfail and no change to global state should happen. However, it \nunconditionally overwrites the src_addr trying to build a temporary any \naddress. \n \nFor instance if the state is already RDMA_CM_LISTEN then this will corrupt \nthe src_addr and would cause the test in cma_cancel_operation(): \n \n if (cma_any_addr(cma_src_addr(id_priv)) && !id_priv->cma_dev) \n \nWhich would manifest as this trace from syzkaller: \n \n BUG: KASAN: use-after-free in __list_add_valid+0x93/0xa0 lib/list_debug.c:26 \n Read of size 8 at addr ffff8881546491e0 by task syz-executor.1/32204 \n \n CPU: 1 PID: 32204 Comm: syz-executor.1 Not tainted 5.12.0-rc8-syzkaller #0 \n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 \n Call Trace: \n __dump_stack lib/dump_stack.c:79 [inline] \n dump_stack+0x141/0x1d7 lib/dump_stack.c:120 \n print_address_description.constprop.0.cold+0x5b/0x2f8 mm/kasan/report.c:232 \n __kasan_report mm/kasan/report.c:399 [inline] \n kasan_report.cold+0x7c/0xd8 mm/kasan/report.c:416 \n __list_add_valid+0x93/0xa0 lib/list_debug.c:26 \n __list_add include/linux/list.h:67 [inline] \n list_add_tail include/linux/list.h:100 [inline] \n cma_listen_on_all drivers/infiniband/core/cma.c:2557 [inline] \n rdma_listen+0x787/0xe00 drivers/infiniband/core/cma.c:3751 \n ucma_listen+0x16a/0x210 drivers/infiniband/core/ucma.c:1102 \n ucma_write+0x259/0x350 drivers/infiniband/core/ucma.c:1732 \n vfs_write+0x28e/0xa30 fs/read_write.c:603 \n ksys_write+0x1ee/0x250 fs/read_write.c:658 \n do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 \n entry_SYSCALL_64_after_hwframe+0x44/0xae \n \nThis is indicating that an rdma_id_private was destroyed without doing \ncma_cancel_listens(). \n \nInstead of trying to re-use the src_addr memory to indirectly create an \nany address derived from the dst build one explicitly on the stack and \nbind to that as any other normal flow would do. rdma_bind_addr() will copy \nit over the src_addr once it knows the state is valid. \n \nThis is similar to commit bc0bdc5afaa7 (\"RDMA/cma: Do not change \nroute.addr.src_addr.ss_family\") \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"22 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-22T05:07:51.000000Z"} https://vulnerability.circl.lu/sighting/acaa73cb-0fc9-43c0-910a-6f76b94db527/export Thu, 22 Aug 2024 05:07:51 +0000