In the Linux kernel, the following vulnerability has been resolved:
RDMA/siw: Fix duplicated reported IWCMEVENTCONNECTREPLY event
If siwrecvmparr returns -EAGAIN, it means that the MPA reply hasn't been received completely, and should not report IWCMEVENTCONNECTREPLY in this case. This may trigger a call trace in iwcm. A simple way to trigger this: server: ibsendlat client: ibsendlat -R <server_ip>
The call trace looks like this:
kernel BUG at drivers/infiniband/core/iwcm.c:894! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI <...> Workqueue: iwcmwq cmworkhandler [iwcm] Call Trace: <TASK> cmworkhandler+0x1dd/0x370 [iwcm] processonework+0x1e2/0x3b0 workerthread+0x49/0x2e0 ? rescuerthread+0x370/0x370 kthread+0xe5/0x110 ? kthreadcompleteandexit+0x20/0x20 retfrom_fork+0x1f/0x30 </TASK>
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0066246d2d7e2619f3ecf3cf07333c59e6e7d84d",
"target": {
"function": "siw_proc_mpareply",
"file": "drivers/infiniband/sw/siw/siw_cm.c"
},
"deprecated": false,
"id": "CVE-2022-50136-0d50f508",
"signature_version": "v1",
"digest": {
"length": 4069.0,
"function_hash": "153067457648806578656422846950836997926"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1434de50a5d9dab91c8ce031bc23b3e2178379c5",
"target": {
"function": "siw_proc_mpareply",
"file": "drivers/infiniband/sw/siw/siw_cm.c"
},
"deprecated": false,
"id": "CVE-2022-50136-19110a2e",
"signature_version": "v1",
"digest": {
"length": 4069.0,
"function_hash": "153067457648806578656422846950836997926"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9ade92ddaf2347fb34298c02080caaa3cdd7c27b",
"target": {
"file": "drivers/infiniband/sw/siw/siw_cm.c"
},
"deprecated": false,
"id": "CVE-2022-50136-40da7699",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"165498210553238040509723030013292231326",
"218066031751661507914163506681703610942",
"7941135526683389442418375678101018504",
"288702056332128369740057654017856410714",
"202649715539343714165449436469432021291",
"299982215152847054415906160458372197506",
"4669139391384332823079423053662412275",
"196959259186961741969361672185433814621",
"191724575424359843291815367960278293282",
"60818597438202801136923334300885102599",
"111670179849509552300647539862085454282"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3056fc6c32e613b760422b94c7617ac9a24a4721",
"target": {
"file": "drivers/infiniband/sw/siw/siw_cm.c"
},
"deprecated": false,
"id": "CVE-2022-50136-448838ef",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"165498210553238040509723030013292231326",
"218066031751661507914163506681703610942",
"7941135526683389442418375678101018504",
"288702056332128369740057654017856410714",
"202649715539343714165449436469432021291",
"299982215152847054415906160458372197506",
"4669139391384332823079423053662412275",
"196959259186961741969361672185433814621",
"191724575424359843291815367960278293282",
"60818597438202801136923334300885102599",
"111670179849509552300647539862085454282"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f6e26e1a5f600b760dc32135d3fac846eabe09e7",
"target": {
"file": "drivers/infiniband/sw/siw/siw_cm.c"
},
"deprecated": false,
"id": "CVE-2022-50136-479503c8",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"165498210553238040509723030013292231326",
"218066031751661507914163506681703610942",
"7941135526683389442418375678101018504",
"288702056332128369740057654017856410714",
"202649715539343714165449436469432021291",
"299982215152847054415906160458372197506",
"4669139391384332823079423053662412275",
"196959259186961741969361672185433814621",
"191724575424359843291815367960278293282",
"60818597438202801136923334300885102599",
"111670179849509552300647539862085454282"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9ade92ddaf2347fb34298c02080caaa3cdd7c27b",
"target": {
"function": "siw_proc_mpareply",
"file": "drivers/infiniband/sw/siw/siw_cm.c"
},
"deprecated": false,
"id": "CVE-2022-50136-50b99d64",
"signature_version": "v1",
"digest": {
"length": 4069.0,
"function_hash": "153067457648806578656422846950836997926"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@11edf0bba15ea9df49478affec7974f351bb2f6e",
"target": {
"file": "drivers/infiniband/sw/siw/siw_cm.c"
},
"deprecated": false,
"id": "CVE-2022-50136-61f79336",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"165498210553238040509723030013292231326",
"218066031751661507914163506681703610942",
"7941135526683389442418375678101018504",
"288702056332128369740057654017856410714",
"202649715539343714165449436469432021291",
"299982215152847054415906160458372197506",
"4669139391384332823079423053662412275",
"196959259186961741969361672185433814621",
"191724575424359843291815367960278293282",
"60818597438202801136923334300885102599",
"111670179849509552300647539862085454282"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f6e26e1a5f600b760dc32135d3fac846eabe09e7",
"target": {
"function": "siw_proc_mpareply",
"file": "drivers/infiniband/sw/siw/siw_cm.c"
},
"deprecated": false,
"id": "CVE-2022-50136-6575d074",
"signature_version": "v1",
"digest": {
"length": 4069.0,
"function_hash": "153067457648806578656422846950836997926"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0066246d2d7e2619f3ecf3cf07333c59e6e7d84d",
"target": {
"file": "drivers/infiniband/sw/siw/siw_cm.c"
},
"deprecated": false,
"id": "CVE-2022-50136-a8ace9c0",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"165498210553238040509723030013292231326",
"218066031751661507914163506681703610942",
"7941135526683389442418375678101018504",
"288702056332128369740057654017856410714",
"202649715539343714165449436469432021291",
"299982215152847054415906160458372197506",
"4669139391384332823079423053662412275",
"196959259186961741969361672185433814621",
"191724575424359843291815367960278293282",
"60818597438202801136923334300885102599",
"111670179849509552300647539862085454282"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3056fc6c32e613b760422b94c7617ac9a24a4721",
"target": {
"function": "siw_proc_mpareply",
"file": "drivers/infiniband/sw/siw/siw_cm.c"
},
"deprecated": false,
"id": "CVE-2022-50136-bc761401",
"signature_version": "v1",
"digest": {
"length": 4069.0,
"function_hash": "153067457648806578656422846950836997926"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1434de50a5d9dab91c8ce031bc23b3e2178379c5",
"target": {
"file": "drivers/infiniband/sw/siw/siw_cm.c"
},
"deprecated": false,
"id": "CVE-2022-50136-c7d6e05c",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"165498210553238040509723030013292231326",
"218066031751661507914163506681703610942",
"7941135526683389442418375678101018504",
"288702056332128369740057654017856410714",
"202649715539343714165449436469432021291",
"299982215152847054415906160458372197506",
"4669139391384332823079423053662412275",
"196959259186961741969361672185433814621",
"191724575424359843291815367960278293282",
"60818597438202801136923334300885102599",
"111670179849509552300647539862085454282"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@11edf0bba15ea9df49478affec7974f351bb2f6e",
"target": {
"function": "siw_proc_mpareply",
"file": "drivers/infiniband/sw/siw/siw_cm.c"
},
"deprecated": false,
"id": "CVE-2022-50136-e4d1da9b",
"signature_version": "v1",
"digest": {
"length": 4069.0,
"function_hash": "153067457648806578656422846950836997926"
},
"signature_type": "Function"
}
]