PT-2025-25905 · Linux+2 · Linux Kernel+2
Published: 2022-08-10 · Updated: 2025-06-19 · CVE-2022-49979
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.18.0
Description
A refcount bug in the Linux kernel has been resolved. The issue occurs during the SMC fallback process in the connect syscall, where the kernel replaces TCP with SMC and sets the clcsk->sk_user_data to the origin SMC socket. Later, in the shutdown syscall, the kernel calls sk_psock_get(), which treats the clcsk->sk_user_data as a psock type, triggering a refcount warning. The root cause is that SMC and psock both use the sk_user_data field, leading to a mismatch. The patch solves this by using another bit in PTRMASK to mark whether sk_user_data points to a psock object or not.
Recommendations
For Linux kernel versions prior to 5.18.0, apply the patch that introduces a new bit in PTRMASK to mark whether sk_user_data points to a psock object or not. This patch depends on a PTRMASK introduced in a previous commit. As a temporary workaround, consider disabling the sk_psock_get() function until a patch is available. Restrict access to the vulnerable sk_user_data field to minimize the risk of exploitation. Avoid using the clcsk->sk_user_data field in the affected API endpoints until the issue is resolved.
Exploit
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Red Hat
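The tag-bit fix from the Description, as an added userland model (not the kernel patch and not code from this advisory): one pointer-sized field is shared by two owners, and a lookup hands out the pointer only when the owner's tag bit is set. All struct, macro and function names are hypothetical, and the objects are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>

/* Userland model only; all names here are hypothetical, not kernel symbols. */
#define UD_NOCOPY  ((uintptr_t)1)            /* pre-existing flag bits */
#define UD_BPF     ((uintptr_t)2)
#define UD_PSOCK   ((uintptr_t)4)            /* tag: pointee is a psock */
#define UD_PTRMASK (~(UD_NOCOPY | UD_BPF | UD_PSOCK))

struct psock_model { _Alignas(8) int refcnt; };
struct smc_model   { _Alignas(8) unsigned char state[16]; };
struct sock_model  { uintptr_t user_data; };  /* one field, two owners */

static void set_user_data(struct sock_model *sk, void *obj, uintptr_t flags)
{
    sk->user_data = (uintptr_t)obj | flags;   /* obj is 8-byte aligned */
}

/* Pre-fix behaviour: whatever the field holds is assumed to be a psock. */
static struct psock_model *psock_get_untagged(const struct sock_model *sk)
{
    return (struct psock_model *)(sk->user_data & UD_PTRMASK);
}

/* Post-fix behaviour: hand out the pointer only when the psock tag is set. */
static struct psock_model *psock_get_tagged(const struct sock_model *sk)
{
    if (!(sk->user_data & UD_PSOCK))
        return NULL;
    return (struct psock_model *)(sk->user_data & UD_PTRMASK);
}

int main(void)
{
    static struct smc_model smc;              /* constructed sample objects */
    static struct psock_model psock = { .refcnt = 1 };
    struct sock_model sk;

    set_user_data(&sk, &smc, UD_NOCOPY);      /* other owner holds the field */
    printf("untagged lookup returns foreign object: %d\n",
           (void *)psock_get_untagged(&sk) == (void *)&smc);
    printf("tagged lookup rejects it: %d\n", psock_get_tagged(&sk) == NULL);

    set_user_data(&sk, &psock, UD_NOCOPY | UD_PSOCK);
    printf("tagged lookup finds real psock: %d\n",
           psock_get_tagged(&sk) == &psock);
    return 0;
}
```

The untagged lookup never dereferences the foreign pointer here; in the model, as in the description, the harm comes when the caller goes on to treat that object's memory as a reference count.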