cve/published/2022/CVE-2022-49321.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-49321: xprtrdma: treat all calls not a bcall when bc_serv is NULL

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 xprtrdma: treat all calls not a bcall when bc_serv is NULL

 When a rdma server returns a fault format reply, nfs v3 client may
 treats it as a bcall when bc service is not exist.

 The debug message at rpcrdma_bc_receive_call are,

 [56579.837169] RPC:       rpcrdma_bc_receive_call: callback XID
 00000001, length=20
 [56579.837174] RPC:       rpcrdma_bc_receive_call: 00 00 00 01 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 04

 After that, rpcrdma_bc_receive_call will meets NULL pointer as,

 [  226.057890] BUG: unable to handle kernel NULL pointer dereference at
 00000000000000c8
 ...
 [  226.058704] RIP: 0010:_raw_spin_lock+0xc/0x20
 ...
 [  226.059732] Call Trace:
 [  226.059878]  rpcrdma_bc_receive_call+0x138/0x327 [rpcrdma]
 [  226.060011]  __ib_process_cq+0x89/0x170 [ib_core]
 [  226.060092]  ib_cq_poll_work+0x26/0x80 [ib_core]
 [  226.060257]  process_one_work+0x1a7/0x360
 [  226.060367]  ? create_worker+0x1a0/0x1a0
 [  226.060440]  worker_thread+0x30/0x390
 [  226.060500]  ? create_worker+0x1a0/0x1a0
 [  226.060574]  kthread+0x116/0x130
 [  226.060661]  ? kthread_flush_work_fn+0x10/0x10
 [  226.060724]  ret_from_fork+0x35/0x40
 ...

 The Linux kernel CVE team has assigned CVE-2022-49321 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 4.14.283 with commit 8e3943c50764dc7c5f25911970c3ff062ec1f18c
 	Fixed in 4.19.247 with commit 998d35a2aff4b81a1c784f3aa45cd3afff6814c1
 	Fixed in 5.4.198 with commit da99331fa62131a38a0947a8204c5208de7b0454
 	Fixed in 5.10.122 with commit 8dbae5affbdbf524b48000f9d357925bb001e5f4
 	Fixed in 5.15.47 with commit a3fc8051ee061e31db13e2fe011e8e0b71a7f815
 	Fixed in 5.17.15 with commit 90c4f73104016748533a5707ecd15930fbeff402
 	Fixed in 5.18.4 with commit 91784f3d77b73885e1b2e6b59d3cbf0de0a1126a
 	Fixed in 5.19 with commit 11270e7ca268e8d61b5d9e5c3a54bd1550642c9c

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-49321
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	net/sunrpc/xprtrdma/rpc_rdma.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/8e3943c50764dc7c5f25911970c3ff062ec1f18c
 	https://git.kernel.org/stable/c/998d35a2aff4b81a1c784f3aa45cd3afff6814c1
 	https://git.kernel.org/stable/c/da99331fa62131a38a0947a8204c5208de7b0454
 	https://git.kernel.org/stable/c/8dbae5affbdbf524b48000f9d357925bb001e5f4
 	https://git.kernel.org/stable/c/a3fc8051ee061e31db13e2fe011e8e0b71a7f815
 	https://git.kernel.org/stable/c/90c4f73104016748533a5707ecd15930fbeff402
 	https://git.kernel.org/stable/c/91784f3d77b73885e1b2e6b59d3cbf0de0a1126a
 	https://git.kernel.org/stable/c/11270e7ca268e8d61b5d9e5c3a54bd1550642c9c
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-49321: xprtrdma: treat all calls not a bcall when bc_serv is NULL

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	xprtrdma: treat all calls not a bcall when bc_serv is NULL

	When a rdma server returns a fault format reply, nfs v3 client may
	treats it as a bcall when bc service is not exist.

	The debug message at rpcrdma_bc_receive_call are,

	[56579.837169] RPC: rpcrdma_bc_receive_call: callback XID
	00000001, length=20
	[56579.837174] RPC: rpcrdma_bc_receive_call: 00 00 00 01 00 00 00
	00 00 00 00 00 00 00 00 00 00 00 00 04

	After that, rpcrdma_bc_receive_call will meets NULL pointer as,

	[ 226.057890] BUG: unable to handle kernel NULL pointer dereference at
	00000000000000c8
	...
	[ 226.058704] RIP: 0010:_raw_spin_lock+0xc/0x20
	...
	[ 226.059732] Call Trace:
	[ 226.059878] rpcrdma_bc_receive_call+0x138/0x327 [rpcrdma]
	[ 226.060011] __ib_process_cq+0x89/0x170 [ib_core]
	[ 226.060092] ib_cq_poll_work+0x26/0x80 [ib_core]
	[ 226.060257] process_one_work+0x1a7/0x360
	[ 226.060367] ? create_worker+0x1a0/0x1a0
	[ 226.060440] worker_thread+0x30/0x390
	[ 226.060500] ? create_worker+0x1a0/0x1a0
	[ 226.060574] kthread+0x116/0x130
	[ 226.060661] ? kthread_flush_work_fn+0x10/0x10
	[ 226.060724] ret_from_fork+0x35/0x40
	...

	The Linux kernel CVE team has assigned CVE-2022-49321 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 4.14.283 with commit 8e3943c50764dc7c5f25911970c3ff062ec1f18c
	Fixed in 4.19.247 with commit 998d35a2aff4b81a1c784f3aa45cd3afff6814c1
	Fixed in 5.4.198 with commit da99331fa62131a38a0947a8204c5208de7b0454
	Fixed in 5.10.122 with commit 8dbae5affbdbf524b48000f9d357925bb001e5f4
	Fixed in 5.15.47 with commit a3fc8051ee061e31db13e2fe011e8e0b71a7f815
	Fixed in 5.17.15 with commit 90c4f73104016748533a5707ecd15930fbeff402
	Fixed in 5.18.4 with commit 91784f3d77b73885e1b2e6b59d3cbf0de0a1126a
	Fixed in 5.19 with commit 11270e7ca268e8d61b5d9e5c3a54bd1550642c9c

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49321
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	net/sunrpc/xprtrdma/rpc_rdma.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/8e3943c50764dc7c5f25911970c3ff062ec1f18c
	https://git.kernel.org/stable/c/998d35a2aff4b81a1c784f3aa45cd3afff6814c1
	https://git.kernel.org/stable/c/da99331fa62131a38a0947a8204c5208de7b0454
	https://git.kernel.org/stable/c/8dbae5affbdbf524b48000f9d357925bb001e5f4
	https://git.kernel.org/stable/c/a3fc8051ee061e31db13e2fe011e8e0b71a7f815
	https://git.kernel.org/stable/c/90c4f73104016748533a5707ecd15930fbeff402
	https://git.kernel.org/stable/c/91784f3d77b73885e1b2e6b59d3cbf0de0a1126a
	https://git.kernel.org/stable/c/11270e7ca268e8d61b5d9e5c3a54bd1550642c9c