CVE-2022-48751

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.16.0-rc4+

Description The issue is related to a kernel NULL pointer dereference in the smc setsockopt() function, caused by accessing smc->clcsock after it has been released. This can lead to a crash. The problem is addressed by holding clcsock release lock and checking whether clcsock has already been released before access. The patch also checks smc->clcsock in smc getsockopt() and smc switch to fallback() to prevent similar crashes.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the net/smc: Transitional solution for clcsock race issue. As a temporary workaround, consider disabling the smc setsockopt() function until a patch is available. Restrict access to the vulnerable module net/smc to minimize the risk of exploitation. Avoid using the smc setsockopt() function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.