What is the severity of CVE-2022-49930?

CVE-2022-49930 has a medium severity level due to the potential for denial of service caused by the NULL pointer dereference in the Linux kernel.

How do I fix CVE-2022-49930?

To fix CVE-2022-49930, ensure that you update your Linux kernel to the latest patched version that addresses this vulnerability.

What systems are affected by CVE-2022-49930?

CVE-2022-49930 affects various versions of the Linux kernel that utilize the RDMA/hns component.

What type of vulnerability is CVE-2022-49930?

CVE-2022-49930 is a concurrency-related vulnerability resulting from a NULL pointer dereference during lock grabbing.

Are there any workarounds for CVE-2022-49930?

While upgrading the kernel is the primary solution, limiting access to the affected RDMA functionalities can serve as a temporary workaround.

Vulnerability/
CVE-2022-49930

CWE

476

1/5/2025

2/5/2025

CVE-2022-49930: RDMA/hns: Fix NULL pointer problem in free_mr_init()

First published: Thu May 01 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix NULL pointer problem in free_mr_init() Lock grab occurs in a concurrent scenario, resulting in stepping on a NULL pointer. It should be init mutex_init() first before use the lock. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Call trace: __mutex_lock.constprop.0+0xd0/0x5c0 __mutex_lock_slowpath+0x1c/0x2c mutex_lock+0x44/0x50 free_mr_send_cmd_to_hw+0x7c/0x1c0 [hns_roce_hw_v2] hns_roce_v2_dereg_mr+0x30/0x40 [hns_roce_hw_v2] hns_roce_dereg_mr+0x4c/0x130 [hns_roce_hw_v2] ib_dereg_mr_user+0x54/0x124 uverbs_free_mr+0x24/0x30 destroy_hw_idr_uobject+0x38/0x74 uverbs_destroy_uobject+0x48/0x1c4 uobj_destroy+0x74/0xcc ib_uverbs_cmd_verbs+0x368/0xbb0 ib_uverbs_ioctl+0xec/0x1a4 __arm64_sys_ioctl+0xb4/0x100 invoke_syscall+0x50/0x120 el0_svc_common.constprop.0+0x58/0x190 do_el0_svc+0x30/0x90 el0_svc+0x2c/0xb4 el0t_64_sync_handler+0x1a4/0x1b0 el0t_64_sync+0x19c/0x1a0

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-49930?
CVE-2022-49930 has a medium severity level due to the potential for denial of service caused by the NULL pointer dereference in the Linux kernel.
How do I fix CVE-2022-49930?
To fix CVE-2022-49930, ensure that you update your Linux kernel to the latest patched version that addresses this vulnerability.
What systems are affected by CVE-2022-49930?
CVE-2022-49930 affects various versions of the Linux kernel that utilize the RDMA/hns component.
What type of vulnerability is CVE-2022-49930?
CVE-2022-49930 is a concurrency-related vulnerability resulting from a NULL pointer dereference during lock grabbing.
Are there any workarounds for CVE-2022-49930?
While upgrading the kernel is the primary solution, limiting access to the affected RDMA functionalities can serve as a temporary workaround.

collector/mitre-cve
source/MITRE
agent/references
agent/title
agent/weakness
agent/type
agent/description
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/last-modified-date
agent/author
agent/source
agent/tags
agent/event
vendor/linux foundation
canonical/linux kernel

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.