cve-2022-48728
Vulnerability from cvelistv5
Published
2024-06-20 11:13
Modified
2024-11-04 12:15
Severity ?
EPSS score ?
Summary
IB/hfi1: Fix AIP early init panic
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48728",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T13:36:00.400967Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T13:36:10.891Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:24:59.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a9bd1e6780fc59f81466ec3489d5ad535a37190"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a3dd4d2682f2a796121609e5f3bbeb1243198c53"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1899c3cad265c4583658aed5293d02e8af84276b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f8f55b92edd621f056bdf09e572092849fabd83"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/ipoib_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4a9bd1e6780f",
"status": "affected",
"version": "d99dc602e2a5",
"versionType": "git"
},
{
"lessThan": "a3dd4d2682f2",
"status": "affected",
"version": "d99dc602e2a5",
"versionType": "git"
},
{
"lessThan": "1899c3cad265",
"status": "affected",
"version": "d99dc602e2a5",
"versionType": "git"
},
{
"lessThan": "5f8f55b92edd",
"status": "affected",
"version": "d99dc602e2a5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/ipoib_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.99",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix AIP early init panic\n\nAn early failure in hfi1_ipoib_setup_rn() can lead to the following panic:\n\n BUG: unable to handle kernel NULL pointer dereference at 00000000000001b0\n PGD 0 P4D 0\n Oops: 0002 [#1] SMP NOPTI\n Workqueue: events work_for_cpu_fn\n RIP: 0010:try_to_grab_pending+0x2b/0x140\n Code: 1f 44 00 00 41 55 41 54 55 48 89 d5 53 48 89 fb 9c 58 0f 1f 44 00 00 48 89 c2 fa 66 0f 1f 44 00 00 48 89 55 00 40 84 f6 75 77 \u003cf0\u003e 48 0f ba 2b 00 72 09 31 c0 5b 5d 41 5c 41 5d c3 48 89 df e8 6c\n RSP: 0018:ffffb6b3cf7cfa48 EFLAGS: 00010046\n RAX: 0000000000000246 RBX: 00000000000001b0 RCX: 0000000000000000\n RDX: 0000000000000246 RSI: 0000000000000000 RDI: 00000000000001b0\n RBP: ffffb6b3cf7cfa70 R08: 0000000000000f09 R09: 0000000000000001\n R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000\n R13: ffffb6b3cf7cfa90 R14: ffffffff9b2fbfc0 R15: ffff8a4fdf244690\n FS: 0000000000000000(0000) GS:ffff8a527f400000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000000001b0 CR3: 00000017e2410003 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n __cancel_work_timer+0x42/0x190\n ? dev_printk_emit+0x4e/0x70\n iowait_cancel_work+0x15/0x30 [hfi1]\n hfi1_ipoib_txreq_deinit+0x5a/0x220 [hfi1]\n ? dev_err+0x6c/0x90\n hfi1_ipoib_netdev_dtor+0x15/0x30 [hfi1]\n hfi1_ipoib_setup_rn+0x10e/0x150 [hfi1]\n rdma_init_netdev+0x5a/0x80 [ib_core]\n ? hfi1_ipoib_free_rdma_netdev+0x20/0x20 [hfi1]\n ipoib_intf_init+0x6c/0x350 [ib_ipoib]\n ipoib_intf_alloc+0x5c/0xc0 [ib_ipoib]\n ipoib_add_one+0xbe/0x300 [ib_ipoib]\n add_client_context+0x12c/0x1a0 [ib_core]\n enable_device_and_get+0xdc/0x1d0 [ib_core]\n ib_register_device+0x572/0x6b0 [ib_core]\n rvt_register_device+0x11b/0x220 [rdmavt]\n hfi1_register_ib_device+0x6b4/0x770 [hfi1]\n do_init_one.isra.20+0x3e3/0x680 [hfi1]\n local_pci_probe+0x41/0x90\n work_for_cpu_fn+0x16/0x20\n process_one_work+0x1a7/0x360\n ? create_worker+0x1a0/0x1a0\n worker_thread+0x1cf/0x390\n ? create_worker+0x1a0/0x1a0\n kthread+0x116/0x130\n ? kthread_flush_work_fn+0x10/0x10\n ret_from_fork+0x1f/0x40\n\nThe panic happens in hfi1_ipoib_txreq_deinit() because there is a NULL\nderef when hfi1_ipoib_netdev_dtor() is called in this error case.\n\nhfi1_ipoib_txreq_init() and hfi1_ipoib_rxq_init() are self unwinding so\nfix by adjusting the error paths accordingly.\n\nOther changes:\n- hfi1_ipoib_free_rdma_netdev() is deleted including the free_netdev()\n since the netdev core code deletes calls free_netdev()\n- The switch to the accelerated entrances is moved to the success path."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T12:15:22.474Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4a9bd1e6780fc59f81466ec3489d5ad535a37190"
},
{
"url": "https://git.kernel.org/stable/c/a3dd4d2682f2a796121609e5f3bbeb1243198c53"
},
{
"url": "https://git.kernel.org/stable/c/1899c3cad265c4583658aed5293d02e8af84276b"
},
{
"url": "https://git.kernel.org/stable/c/5f8f55b92edd621f056bdf09e572092849fabd83"
}
],
"title": "IB/hfi1: Fix AIP early init panic",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48728",
"datePublished": "2024-06-20T11:13:17.378Z",
"dateReserved": "2024-06-20T11:09:39.052Z",
"dateUpdated": "2024-11-04T12:15:22.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-48728\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-06-20T12:15:11.253\",\"lastModified\":\"2024-09-18T16:07:21.097\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nIB/hfi1: Fix AIP early init panic\\n\\nAn early failure in hfi1_ipoib_setup_rn() can lead to the following panic:\\n\\n BUG: unable to handle kernel NULL pointer dereference at 00000000000001b0\\n PGD 0 P4D 0\\n Oops: 0002 [#1] SMP NOPTI\\n Workqueue: events work_for_cpu_fn\\n RIP: 0010:try_to_grab_pending+0x2b/0x140\\n Code: 1f 44 00 00 41 55 41 54 55 48 89 d5 53 48 89 fb 9c 58 0f 1f 44 00 00 48 89 c2 fa 66 0f 1f 44 00 00 48 89 55 00 40 84 f6 75 77 \u003cf0\u003e 48 0f ba 2b 00 72 09 31 c0 5b 5d 41 5c 41 5d c3 48 89 df e8 6c\\n RSP: 0018:ffffb6b3cf7cfa48 EFLAGS: 00010046\\n RAX: 0000000000000246 RBX: 00000000000001b0 RCX: 0000000000000000\\n RDX: 0000000000000246 RSI: 0000000000000000 RDI: 00000000000001b0\\n RBP: ffffb6b3cf7cfa70 R08: 0000000000000f09 R09: 0000000000000001\\n R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000\\n R13: ffffb6b3cf7cfa90 R14: ffffffff9b2fbfc0 R15: ffff8a4fdf244690\\n FS: 0000000000000000(0000) GS:ffff8a527f400000(0000) knlGS:0000000000000000\\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n CR2: 00000000000001b0 CR3: 00000017e2410003 CR4: 00000000007706f0\\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\\n PKRU: 55555554\\n Call Trace:\\n __cancel_work_timer+0x42/0x190\\n ? dev_printk_emit+0x4e/0x70\\n iowait_cancel_work+0x15/0x30 [hfi1]\\n hfi1_ipoib_txreq_deinit+0x5a/0x220 [hfi1]\\n ? dev_err+0x6c/0x90\\n hfi1_ipoib_netdev_dtor+0x15/0x30 [hfi1]\\n hfi1_ipoib_setup_rn+0x10e/0x150 [hfi1]\\n rdma_init_netdev+0x5a/0x80 [ib_core]\\n ? hfi1_ipoib_free_rdma_netdev+0x20/0x20 [hfi1]\\n ipoib_intf_init+0x6c/0x350 [ib_ipoib]\\n ipoib_intf_alloc+0x5c/0xc0 [ib_ipoib]\\n ipoib_add_one+0xbe/0x300 [ib_ipoib]\\n add_client_context+0x12c/0x1a0 [ib_core]\\n enable_device_and_get+0xdc/0x1d0 [ib_core]\\n ib_register_device+0x572/0x6b0 [ib_core]\\n rvt_register_device+0x11b/0x220 [rdmavt]\\n hfi1_register_ib_device+0x6b4/0x770 [hfi1]\\n do_init_one.isra.20+0x3e3/0x680 [hfi1]\\n local_pci_probe+0x41/0x90\\n work_for_cpu_fn+0x16/0x20\\n process_one_work+0x1a7/0x360\\n ? create_worker+0x1a0/0x1a0\\n worker_thread+0x1cf/0x390\\n ? create_worker+0x1a0/0x1a0\\n kthread+0x116/0x130\\n ? kthread_flush_work_fn+0x10/0x10\\n ret_from_fork+0x1f/0x40\\n\\nThe panic happens in hfi1_ipoib_txreq_deinit() because there is a NULL\\nderef when hfi1_ipoib_netdev_dtor() is called in this error case.\\n\\nhfi1_ipoib_txreq_init() and hfi1_ipoib_rxq_init() are self unwinding so\\nfix by adjusting the error paths accordingly.\\n\\nOther changes:\\n- hfi1_ipoib_free_rdma_netdev() is deleted including the free_netdev()\\n since the netdev core code deletes calls free_netdev()\\n- The switch to the accelerated entrances is moved to the success path.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: IB/hfi1: corrige el p\u00e1nico de inicio temprano de AIP Una falla temprana en hfi1_ipoib_setup_rn() puede provocar el siguiente p\u00e1nico: ERROR: no se puede manejar la desreferencia del puntero NULL del kernel en 00000000000001b0 PGD 0 P4D 0 Vaya: 0002 [#1] Cola de trabajo SMP NOPTI: eventos work_for_cpu_fn RIP: 0010:try_to_grab_pending+0x2b/0x140 C\u00f3digo: 1f 44 00 00 41 55 41 54 55 48 89 d5 53 48 89 fb 9c 58 0f 1f 4 00 00 48 89 c2 fa 66 0f 1f 44 00 00 48 89 55 00 40 84 f6 75 77 48 0f ba 2b 00 72 09 31 c0 5b 5d 41 5c 41 5d c3 48 89 df e8 6c RSP 0018:ffffb6b3cf7 cfa48 EFLAGS: 00010046 RAX: 0000000000000246 RBX: 00000000000001b0 RCX: 0000000000000000 RDX: 0000000000000246 RSI: 00000000000000000 RDI: 00000000000001b0 RBP: ffffb6b3cf7cfa70 R08: 0000000000000f09 R09: 0000000000000001 R10: 0000000000000000 R11: 00000000000000001 R12: 0000000000000000 R13: b6b3cf7cfa90 R14: ffffffff9b2fbfc0 R15: ffff8a4fdf244690 FS: 0000000000000000(0000) GS :ffff8a527f400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000001b0 CR3: CR4: 00000000007706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 00000000000000000 DR6: 00000000ffe0ff0 DR7: 000 0000000000400 PKRU: 55555554 Seguimiento de llamadas: __cancel_work_timer+0x42/0x190 ? dev_printk_emit+0x4e/0x70 iowait_cancel_work+0x15/0x30 [hfi1] hfi1_ipoib_txreq_deinit+0x5a/0x220 [hfi1] ? dev_err+0x6c/0x90 hfi1_ipoib_netdev_dtor+0x15/0x30 [hfi1] hfi1_ipoib_setup_rn+0x10e/0x150 [hfi1] rdma_init_netdev+0x5a/0x80 [ib_core] ? hfi1_ipoib_free_rdma_netdev+0x20/0x20 [hfi1] ipoib_intf_init+0x6c/0x350 [ib_ipoib] ipoib_intf_alloc+0x5c/0xc0 [ib_ipoib] ipoib_add_one+0xbe/0x300 [ib_ipoib] 0x1a0 [ib_core] enable_device_and_get+0xdc/0x1d0 [ib_core] ib_register_device+ 0x572/0x6b0 [ib_core] rvt_register_device+0x11b/0x220 [rdmavt] hfi1_register_ib_device+0x6b4/0x770 [hfi1] do_init_one.isra.20+0x3e3/0x680 [hfi1] local_pci_probe+0x41/0x90 cpu_fn+0x16/0x20 proceso_one_work+0x1a7/0x360 ? create_worker+0x1a0/0x1a0 trabajador_thread+0x1cf/0x390? create_worker+0x1a0/0x1a0 kthread+0x116/0x130? kthread_flush_work_fn+0x10/0x10 ret_from_fork+0x1f/0x40 El p\u00e1nico ocurre en hfi1_ipoib_txreq_deinit() porque hay una deref NULL cuando se llama a hfi1_ipoib_netdev_dtor() en este caso de error. hfi1_ipoib_txreq_init() y hfi1_ipoib_rxq_init() se desenrollan autom\u00e1ticamente, as\u00ed que corrija ajustando las rutas de error en consecuencia. Otros cambios: - hfi1_ipoib_free_rdma_netdev() se elimina incluyendo free_netdev() ya que el c\u00f3digo central de netdev elimina las llamadas free_netdev() - El cambio a las entradas aceleradas se mueve a la ruta de \u00e9xito.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.8\",\"versionEndExcluding\":\"5.10.99\",\"matchCriteriaId\":\"539F713A-F940-4698-BC87-245228B4AB3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.22\",\"matchCriteriaId\":\"74528AA6-B524-4C3F-B188-1194235FE47D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"5.16.8\",\"matchCriteriaId\":\"0623892A-E3E4-44E6-8A5E-39A0B47AF782\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6E34B23-78B4-4516-9BD8-61B33F4AC49A\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1899c3cad265c4583658aed5293d02e8af84276b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4a9bd1e6780fc59f81466ec3489d5ad535a37190\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/5f8f55b92edd621f056bdf09e572092849fabd83\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a3dd4d2682f2a796121609e5f3bbeb1243198c53\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.