CVE-2022-50135 Information
Description
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup
The function rxe_create_qp calls rxe_qp_from_init. If some error occurs, the error handler of function rxe_qp_from_init will set both scq and rcq to NULL.
Then rxe_create_qp calls rxe_put to handle qp. In the end rxe_qp_do_cleanup is called by rxe_put. rxe_qp_do_cleanup directly accesses scq and rcq before checking them. This will cause a null-ptr-deref error.
The call graph is as below:
rxe_create_qp
  …
  rxe_qp_from_init
    …
  err1:
    …
    qp->rcq = NULL;  <-- rcq is set to NULL
    qp->scq = NULL;  <-- scq is set to NULL
    …
qp_init:
  rxe_put
    …
    rxe_qp_do_cleanup
      …
      atomic_dec(&qp->scq->num_wq);  <-- scq is accessed
      …
      atomic_dec(&qp->rcq->num_wq);  <-- rcq is accessed
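The pattern above as a small userspace C model, added here as an example and not taken from the kernel source or the referenced commits. struct cq, struct qp and the function names are hypothetical stand-ins, and the init function is assumed to count one work queue per CQ on success; the unconditional cleanup sits beside a form that checks scq and rcq first.

```c
#include <stdatomic.h>
#include <stddef.h>

/* Userspace model, not kernel code; all names are hypothetical stand-ins. */
struct cq { atomic_int num_wq; };
struct qp { struct cq *scq, *rcq; };

/* Assumed init shape: on error, clear both CQ pointers as err1 does. */
int qp_from_init(struct qp *qp, struct cq *scq, struct cq *rcq, int fail)
{
    if (fail) {
        qp->rcq = NULL;
        qp->scq = NULL;
        return -1;
    }
    qp->scq = scq;
    qp->rcq = rcq;
    atomic_fetch_add(&scq->num_wq, 1);
    atomic_fetch_add(&rcq->num_wq, 1);
    return 0;
}

/* Flawed shape: unconditional dereference; faults after a failed init. */
void qp_cleanup_unchecked(struct qp *qp)
{
    atomic_fetch_sub(&qp->scq->num_wq, 1);
    atomic_fetch_sub(&qp->rcq->num_wq, 1);
}

/* Hardened shape: test each pointer before touching the CQ behind it. */
void qp_cleanup_checked(struct qp *qp)
{
    if (qp->scq) atomic_fetch_sub(&qp->scq->num_wq, 1);
    if (qp->rcq) atomic_fetch_sub(&qp->rcq->num_wq, 1);
}

/* Init, then the cleanup a final put would run; returns counts left on the CQs. */
int create_then_put(int fail)
{
    struct cq scq = { 0 }, rcq = { 0 };
    struct qp qp = { NULL, NULL };
    qp_from_init(&qp, &scq, &rcq, fail);
    qp_cleanup_checked(&qp);
    return atomic_load(&scq.num_wq) + atomic_load(&rcq.num_wq);
}

int main(void)
{
    return create_then_put(1) + create_then_put(0); /* 0 when balanced */
}
```

Swapping qp_cleanup_checked for qp_cleanup_unchecked in create_then_put reproduces the NULL dereference on the failed-init path.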
Reference
https://git.kernel.org/stable/c/37da51efe6eaa0560f46803c8c436a48a2084da7
https://git.kernel.org/stable/c/8598b9d0a364c1663c96fc0fab9df0d36c809aea
Related CNNVD
CNNVD-202506-2421 (Published: 2025-06-18)