CVE-2022-50137

During a destroy CQ an interrupt may cause processing of a CQE after CQ resources are freed by irdmacqfreersrc(). Fix this by moving the call to irdmacqfreersrc() after the irdmasccleanupceqes(), which is called under the cqlock.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50137.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

b48c24c2d710cf34810c555dcef883a3d35a9c08

Fixed

92520864ef9f912f38b403d172a0ded020683d55

Fixed

0abf2eef80295923b819ce89ff9edc1fe61be17c

Fixed

350ac793a03c8a30a3f2b27fc282cd1c67070763

Fixed

8ecef7890b3aea78c8bbb501a4b5b8134367b821

Affected versions

v5.*

v5.13

v5.13-rc2

v5.13-rc3

v5.13-rc4

v5.13-rc5

v5.13-rc6

v5.13-rc7

v5.14

v5.14-rc1

v5.14-rc2

v5.14-rc3

v5.14-rc4

v5.14-rc5

v5.14-rc6

v5.14-rc7

v5.15

v5.15-rc1

v5.15-rc2

v5.15-rc3

v5.15-rc4

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.15.1

v5.15.10

v5.15.11

v5.15.12

v5.15.13

v5.15.14

v5.15.15

v5.15.16

v5.15.17

v5.15.18

v5.15.19

v5.15.2

v5.15.20

v5.15.21

v5.15.22

v5.15.23

v5.15.24

v5.15.25

v5.15.26

v5.15.27

v5.15.28

v5.15.29

v5.15.3

v5.15.30

v5.15.31

v5.15.32

v5.15.33

v5.15.34

v5.15.35

v5.15.36

v5.15.37

v5.15.38

v5.15.39

v5.15.4

v5.15.40

v5.15.41

v5.15.42

v5.15.43

v5.15.44

v5.15.45

v5.15.46

v5.15.47

v5.15.48

v5.15.49

v5.15.5

v5.15.50

v5.15.51

v5.15.52

v5.15.53

v5.15.54

v5.15.55

v5.15.56

v5.15.57

v5.15.58

v5.15.59

v5.15.6

v5.15.60

v5.15.7

v5.15.8

v5.15.9

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.18.1

v5.18.10

v5.18.11

v5.18.12

v5.18.13

v5.18.14

v5.18.15

v5.18.16

v5.18.17

v5.18.2

v5.18.3

v5.18.4

v5.18.5

v5.18.6

v5.18.7

v5.18.8

v5.18.9

v5.19

v5.19-rc1

v5.19-rc2

v5.19-rc3

v5.19-rc4

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v5.19.1

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "155782867931251511385371953269905046593",
                "266765456160989854303536420098795647854",
                "97260122146774105103563780801096527561",
                "196959728076130838640481596635808623935",
                "234056175017887846378591233069509109725",
                "144426384076508437501546813244594552110",
                "238896199840418876900780568985304742386"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2022-50137-0259322f",
        "target": {
            "file": "drivers/infiniband/hw/irdma/verbs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8ecef7890b3aea78c8bbb501a4b5b8134367b821"
    },
    {
        "digest": {
            "length": 729.0,
            "function_hash": "103803051548315307702093095836794581118"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2022-50137-307fd14a",
        "target": {
            "function": "irdma_destroy_cq",
            "file": "drivers/infiniband/hw/irdma/verbs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8ecef7890b3aea78c8bbb501a4b5b8134367b821"
    },
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "155782867931251511385371953269905046593",
                "266765456160989854303536420098795647854",
                "97260122146774105103563780801096527561",
                "196959728076130838640481596635808623935",
                "234056175017887846378591233069509109725",
                "144426384076508437501546813244594552110",
                "238896199840418876900780568985304742386"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2022-50137-57943f80",
        "target": {
            "file": "drivers/infiniband/hw/irdma/verbs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@92520864ef9f912f38b403d172a0ded020683d55"
    },
    {
        "digest": {
            "length": 664.0,
            "function_hash": "67713685028318766975009612468450272887"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2022-50137-6f346881",
        "target": {
            "function": "irdma_destroy_cq",
            "file": "drivers/infiniband/hw/irdma/verbs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0abf2eef80295923b819ce89ff9edc1fe61be17c"
    },
    {
        "digest": {
            "length": 664.0,
            "function_hash": "67713685028318766975009612468450272887"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2022-50137-7b82924f",
        "target": {
            "function": "irdma_destroy_cq",
            "file": "drivers/infiniband/hw/irdma/verbs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@92520864ef9f912f38b403d172a0ded020683d55"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "155782867931251511385371953269905046593",
                "266765456160989854303536420098795647854",
                "97260122146774105103563780801096527561",
                "196959728076130838640481596635808623935",
                "234056175017887846378591233069509109725",
                "144426384076508437501546813244594552110",
                "238896199840418876900780568985304742386"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2022-50137-aa90a7be",
        "target": {
            "file": "drivers/infiniband/hw/irdma/verbs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@350ac793a03c8a30a3f2b27fc282cd1c67070763"
    },
    {
        "digest": {
            "length": 729.0,
            "function_hash": "103803051548315307702093095836794581118"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2022-50137-c5915209",
        "target": {
            "function": "irdma_destroy_cq",
            "file": "drivers/infiniband/hw/irdma/verbs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@350ac793a03c8a30a3f2b27fc282cd1c67070763"
    },
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "155782867931251511385371953269905046593",
                "266765456160989854303536420098795647854",
                "97260122146774105103563780801096527561",
                "196959728076130838640481596635808623935",
                "234056175017887846378591233069509109725",
                "144426384076508437501546813244594552110",
                "238896199840418876900780568985304742386"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2022-50137-ccf8847a",
        "target": {
            "file": "drivers/infiniband/hw/irdma/verbs.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0abf2eef80295923b819ce89ff9edc1fe61be17c"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50137.json"