CVE-2022-49433

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49433
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49433.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49433
Related
Published
2025-02-26T07:01:19Z
Modified
2025-02-26T19:01:21.689390Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/hfi1: Prevent use of lock before it is initialized

If there is a failure during probe of hfi1 before the sdmamaplock is initialized, the call to hfi1freedevdata() will attempt to use a lock that has not been initialized. If the locking correctness validator is on then an INFO message and stack trace resembling the following may be seen:

INFO: trying to register non-static key. The code is fine but needs lockdep annotation, or maybe you didn't initialize this object before use? turning off the locking correctness validator. Call Trace: registerlockclass+0x11b/0x880 _lockacquire+0xf3/0x7930 lockacquire+0xff/0x2d0 _rawspinlockirq+0x46/0x60 sdmaclean+0x42a/0x660 [hfi1] hfi1freedevdata+0x3a7/0x420 [hfi1] initone+0x867/0x11a0 [hfi1] pcideviceprobe+0x40e/0x8d0

The use of sdmamaplock in sdmaclean() is for freeing the sdmamap memory, and sdmamap is not allocated/initialized until after sdmamaplock has been initialized. This code only needs to be run if sdmamap is not NULL, and so checking for that condition will avoid trying to use the lock before it is initialized.

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.127-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.18.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.18.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}