A vulnerability in the Linux kernel's InfiniBand subsystem (the hfi1 driver module) has recently been fixed. Identified as CVE-2022-49931, it lies in the sc_disable() function and causes a kernel crash when certain conditions are met. In this post, we discuss the details of the vulnerability, its cause, and the fix implemented by the developers.

Details

The vulnerability stems from an incorrect attempt, inside sc_disable(), to move a list from one list head to another. The error was introduced by an earlier commit, "IB/hfi1: Fix abba locking issue with sc_disable()" (commit 13bac861952a). The kernel crashes when a link goes down while there are waiters for a send operation to complete.

When the bug is triggered, the crash signature looks like this:

  BUG: kernel NULL pointer dereference, address: 0000000000000030
  [...]
  Call Trace:
   sc_disable+0x1ba/0x240 [hfi1]
   pio_freeze+0x3d/0x60 [hfi1]
   handle_freeze+0x27/0x1b0 [hfi1]
   process_one_work+0x1b0/0x380
   ? process_one_work+0x380/0x380
   worker_thread+0x30/0x360
   ? process_one_work+0x380/0x380
   kthread+0xd7/0x100
   ? kthread_complete_and_exit+0x20/0x20
   ret_from_fork+0x1f/0x30

The Fix

To fix the vulnerability, the developers corrected the function call used to move the list. This prevents the kernel crash and restores the expected behavior of sc_disable().

The commit that resolved the issue can be found here.
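The post does not name the two list calls involved; the upstream fix replaces list_move() (which relinks a single node) with list_splice_init() (which transfers every entry under a head). The following added example is not the kernel's code or the page's: it re-implements the kernel list helpers in userland and shows, with constructed waiters, why moving the list head itself leaves the real waiters stranded and puts a bogus "entry" on the wake list. The names iowait, send_context and drain_waiters are stand-ins for the hfi1 structures.

```c
#include <stdbool.h>
#include <stddef.h>
/* Minimal userland re-implementation of the kernel's circular doubly-linked list. */
struct list_head { struct list_head *next, *prev; };
static void INIT_LIST_HEAD(struct list_head *h) { h->next = h->prev = h; }
static bool list_empty(const struct list_head *h) { return h->next == h; }
static void list_add_tail(struct list_head *n, struct list_head *h) {
    n->next = h; n->prev = h->prev; h->prev->next = n; h->prev = n;
}
static void list_del(struct list_head *e) { e->prev->next = e->next; e->next->prev = e->prev; }
/* list_move(): unlink ONE node and re-insert it right after head h. */
static void list_move(struct list_head *e, struct list_head *h) {
    list_del(e); e->next = h->next; e->prev = h; h->next->prev = e; h->next = e;
}
/* list_splice_init(): move EVERY entry under head 'from' to the front of 'to'; 'from' ends up empty. */
static void list_splice_init(struct list_head *from, struct list_head *to) {
    if (list_empty(from)) return;
    struct list_head *first = from->next, *last = from->prev;
    first->prev = to; last->next = to->next; to->next->prev = last; to->next = first;
    INIT_LIST_HEAD(from);
}
struct iowait { int pad; struct list_head list; };  /* stand-in for the hfi1 waiter; list is not at offset 0 */
struct send_context { struct list_head piowait; };  /* stand-in for sc->piowait */
/* Simulates sc_disable() handing the waiters queued on sc->piowait to a local wake_list.
 * Returns how many genuine waiters are reachable from wake_list; *head_seen reports whether the
 * piowait head itself appears as an "entry" (in the kernel, container_of() on that node yields a
 * bogus iowait, and the field access that follows is the NULL pointer dereference). */
static int drain_waiters(bool use_splice, int nwaiters, bool *head_seen, bool *piowait_empty) {
    struct iowait waiters[8];                        /* constructed sample waiters */
    struct send_context sc; struct list_head wake_list;
    if (nwaiters > 8) nwaiters = 8;
    INIT_LIST_HEAD(&sc.piowait);
    INIT_LIST_HEAD(&wake_list);
    for (int i = 0; i < nwaiters; i++) list_add_tail(&waiters[i].list, &sc.piowait);
    if (use_splice)
        list_splice_init(&sc.piowait, &wake_list);   /* the fix */
    else if (!list_empty(&sc.piowait))
        list_move(&sc.piowait, &wake_list);          /* the bug: moves the list HEAD, not its entries */
    bool seen = false;
    int genuine = 0;
    for (struct list_head *p = wake_list.next; p != &wake_list; p = p->next) {
        if (p == &sc.piowait) seen = true;           /* not a waiter at all */
        else genuine++;
    }
    if (head_seen) *head_seen = seen;
    if (piowait_empty) *piowait_empty = list_empty(&sc.piowait);
    return genuine;
}
```

With the buggy call, the loop over wake_list finds no real waiter and the piowait head is the only node, so the waiters are never woken; with list_splice_init() all of them are reachable and sc->piowait is left empty.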

Conclusion

In summary, CVE-2022-49931 refers to a Linux kernel vulnerability in the sc_disable() function of the hfi1 module. Thanks to the developers' efforts, the vulnerability is now resolved: the fix replaces the incorrect function call for moving the list with the correct one. Linux kernel users are strongly advised to update their systems with the latest security patches to avoid exposure to this vulnerability.

Timeline

Published on: 05/01/2025 15:16:19 UTC
Last modified on: 05/07/2025 13:29:02 UTC