CVE-2022-49931

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved. The issue is related to the IB/hfi1 module, where a commit incorrectly tries to move a list from one list head to another, resulting in a kernel crash. The crash occurs when a link goes down and there are waiters for a send to complete. The error signature includes a kernel NULL pointer dereference. The call trace involves several functions, including sc disable(), pio freeze(), handle freeze(), process one work(), and worker thread(). The fix involves using the correct call to move the list.

Recommendations To resolve the issue, utilize the correct call to move the list in the sc disable() function. As a temporary workaround, consider disabling the sc disable() function until a patch is available. Restrict access to the IB/hfi1 module to minimize the risk of exploitation. Avoid using the affected functions, such as pio freeze() and handle freeze(), until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.