What is the severity of CVE-2022-49925?

CVE-2022-49925 is classified as a medium severity vulnerability in the Linux kernel.

What impact does CVE-2022-49925 have on systems running affected versions of the Linux kernel?

CVE-2022-49925 can lead to a null pointer dereference, potentially causing system crashes or instability.

How do I fix CVE-2022-49925?

To fix CVE-2022-49925, upgrade to the latest version of the Linux kernel that includes the patch addressing this vulnerability.

Which versions of the Linux kernel are affected by CVE-2022-49925?

CVE-2022-49925 affects multiple versions of the Linux kernel before the patch was applied.

Is there a workaround for CVE-2022-49925 if I cannot immediately upgrade my Linux kernel?

Currently, there are no known effective workarounds for CVE-2022-49925; upgrading is recommended.

Vulnerability/
CVE-2022-49925

1/5/2025

CVE-2022-49925: RDMA/core: Fix null-ptr-deref in ib_core_cleanup()

First published: Thu May 01 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix null-ptr-deref in ib_core_cleanup() KASAN reported a null-ptr-deref error: KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] CPU: 1 PID: 379 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:destroy_workqueue+0x2f/0x740 RSP: 0018:ffff888016137df8 EFLAGS: 00000202 ... Call Trace: ib_core_cleanup+0xa/0xa1 [ib_core] __do_sys_delete_module.constprop.0+0x34f/0x5b0 do_syscall_64+0x3a/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fa1a0d221b7 ... It is because the fail of roce_gid_mgmt_init() is ignored: ib_core_init() roce_gid_mgmt_init() gid_cache_wq = alloc_ordered_workqueue # fail ... ib_core_cleanup() roce_gid_mgmt_cleanup() destroy_workqueue(gid_cache_wq) # destroy an unallocated wq Fix this by catching the fail of roce_gid_mgmt_init() in ib_core_init().

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-49925?
CVE-2022-49925 is classified as a medium severity vulnerability in the Linux kernel.
What impact does CVE-2022-49925 have on systems running affected versions of the Linux kernel?
CVE-2022-49925 can lead to a null pointer dereference, potentially causing system crashes or instability.
How do I fix CVE-2022-49925?
To fix CVE-2022-49925, upgrade to the latest version of the Linux kernel that includes the patch addressing this vulnerability.
Which versions of the Linux kernel are affected by CVE-2022-49925?
CVE-2022-49925 affects multiple versions of the Linux kernel before the patch was applied.
Is there a workaround for CVE-2022-49925 if I cannot immediately upgrade my Linux kernel?
Currently, there are no known effective workarounds for CVE-2022-49925; upgrading is recommended.

collector/mitre-cve
source/MITRE
agent/references
agent/title
agent/type
agent/description
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/last-modified-date
agent/author
agent/source
agent/tags
agent/event
vendor/linux
canonical/linux kernel

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.