GHSA-92V5-XM5J-8RC5

Vulnerability from github – Published: 2025-10-22 18:30 – Updated: 2025-10-22 18:30
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/hfi1: Prevent panic when SDMA is disabled

If the hfi1 module is loaded with HFI1_CAP_SDMA off, a call to hfi1_write_iter() will dereference a NULL pointer and panic. A typical stack frame is:

sdma_select_user_engine [hfi1] hfi1_user_sdma_process_request [hfi1] hfi1_write_iter [hfi1] do_iter_readv_writev do_iter_write vfs_writev do_writev do_syscall_64

The fix is to test for SDMA in hfi1_write_iter() and fail the I/O with EINVAL.

Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-49429"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:19Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hfi1: Prevent panic when SDMA is disabled\n\nIf the hfi1 module is loaded with HFI1_CAP_SDMA off, a call to\nhfi1_write_iter() will dereference a NULL pointer and panic. A typical\nstack frame is:\n\n  sdma_select_user_engine [hfi1]\n  hfi1_user_sdma_process_request [hfi1]\n  hfi1_write_iter [hfi1]\n  do_iter_readv_writev\n  do_iter_write\n  vfs_writev\n  do_writev\n  do_syscall_64\n\nThe fix is to test for SDMA in hfi1_write_iter() and fail the I/O with\nEINVAL.",
  "id": "GHSA-92v5-xm5j-8rc5",
  "modified": "2025-10-22T18:30:30Z",
  "published": "2025-10-22T18:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49429"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0e4dda8b3f4c07ee9ea670a10ea3171a5e63a86f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/22e7e400fd1a890db2ea13686324aff50e972f4f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/29952ab85d6c3fe0b7909d9a737f10c58bf6824d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/32e6aea33944f364d51cd263e4cd236393a188b6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/33794e8e9bcb4affc0ebff9cdec85acc8b8a1762"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/629e052d0c98e46dde9f0824f0aa437f678d9b8f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cc80d3c37cec9d6ddb140483647901bc7cc6c31d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e60ad83f645ee6fadd5a8057ba267aeec54f08fe"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.