CVE-2022-48692: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

RDMA/srp: Set scmnd->result only when scmnd is not NULL

This change fixes the following kernel NULL pointer dereference which is reproduced by blktests srp/007 occasionally.

BUG: kernel NULL pointer dereference, address: 0000000000000170
PGD 0 P4D 0
Oops: 0002 [#1] PREEMPT SMP NOPTI
CPU: 0 PID: 9 Comm: kworker/0:1H Kdump: loaded Not tainted 6.0.0-rc1+ #37
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.15.0-29-g6a62e0cb0dfe-prebuilt.qemu.org 04/01/2014
Workqueue: 0x0 (kblockd)
RIP: 0010:srp_recv_done+0x176/0x500 [ib_srp]
Code: 00 4d 85 ff 0f 84 52 02 00 00 48 c7 82 80 02 00 00 00 00 00 00 4c 89 df 4c 89 14 24 e8 53 d3 4a f6 4c 8b 14 24 41 0f b6 42 13 <41> 89 87 70 01 00 00 41 0f b6 52 12 f6 c2 02 74 44 41 8b 42 1c b9
RSP: 0018:ffffaef7c0003e28 EFLAGS: 00000282
RAX: 0000000000000000 RBX: ffff9bc9486dea60 RCX: 0000000000000000
RDX: 0000000000000102 RSI: ffffffffb76bbd0e RDI: 00000000ffffffff
RBP: ffff9bc980099a00 R08: 0000000000000001 R09: 0000000000000001
R10: ffff9bca53ef0000 R11: ffff9bc980099a10 R12: ffff9bc956e14000
R13: ffff9bc9836b9cb0 R14: ffff9bc9557b4480 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff9bc97ec00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000170 CR3: 0000000007e04000 CR4: 00000000000006f0
Call Trace:
 <IRQ>
 __ib_process_cq+0xb7/0x280 [ib_core]
 ib_poll_handler+0x2b/0x130 [ib_core]
 irq_poll_softirq+0x93/0x150
 __do_softirq+0xee/0x4b8
 irq_exit_rcu+0xf7/0x130
 sysvec_apic_timer_interrupt+0x8e/0xc0
 </IRQ>
AI Analysis
Technical Summary
CVE-2022-48692 is a vulnerability in the Linux kernel's RDMA (Remote Direct Memory Access) subsystem, specifically in the SRP (SCSI RDMA Protocol) driver. The root cause is that scmnd->result is set without first verifying that scmnd (the SCSI command pointer) is non-NULL. The resulting NULL pointer dereference causes a kernel crash (kernel oops) and potential denial of service.

The fault occurs at a fixed address (0x170) and is triggered occasionally by the blktests srp/007 test case, indicating a race or timing condition in the SRP receive completion handler (the srp_recv_done function). The kernel stack trace shows that the fault occurs during processing of completion queues in the InfiniBand core (ib_core), which handles RDMA communication. The bug is reproducible on Linux kernel version 6.0.0-rc1+ and likely affects other versions with the same vulnerable code.

This vulnerability is a stability and availability risk: it can cause kernel panics or crashes, disrupting services that rely on RDMA/SRP. There is no indication of privilege escalation or direct code execution, but the kernel crash can be triggered remotely if the attacker can send crafted SRP/RDMA packets to the vulnerable system. No known exploits are reported in the wild yet, and no CVSS score is assigned. The vulnerability affects Linux kernel builds using the SRP driver, which is common in environments using RDMA for high-performance storage or networking, such as data centers and HPC clusters.
Potential Impact
For European organizations, the impact of CVE-2022-48692 primarily concerns availability and operational stability of Linux systems utilizing RDMA and SRP protocols. Organizations in sectors such as finance, research, telecommunications, and cloud service providers that deploy Linux servers with RDMA-enabled storage or networking could experience unexpected kernel crashes leading to service interruptions or downtime. This could affect critical infrastructure relying on high-speed data transfers, including storage area networks and HPC workloads. While the vulnerability does not appear to allow privilege escalation or data breaches directly, denial of service in kernel space can disrupt business continuity and cause cascading failures in dependent systems. The impact is more severe in environments where uptime and low latency are critical. Additionally, recovery from kernel panics may require manual intervention or system reboots, increasing operational costs and risk of data loss if not properly managed. Since RDMA is increasingly used in European data centers for performance optimization, the vulnerability could affect a significant subset of Linux servers if unpatched. However, organizations not using RDMA or SRP are not impacted.
Mitigation Recommendations
To mitigate CVE-2022-48692, European organizations should:
1) Apply the official Linux kernel patches that fix the null pointer dereference by ensuring scmnd is non-NULL before accessing its members. Monitor Linux kernel mailing lists and vendor advisories for updated stable kernel releases containing this fix.
2) Identify and inventory all Linux systems running RDMA/SRP drivers, especially those handling storage or high-performance networking workloads.
3) If immediate patching is not feasible, consider disabling the SRP driver or RDMA functionality temporarily on affected systems to prevent exploitation, though this may impact performance.
4) Implement network segmentation and strict access controls to limit exposure of RDMA services to trusted hosts only, reducing the attack surface.
5) Monitor kernel logs and system stability metrics for signs of crashes or oops messages related to ib_srp or ib_core modules.
6) Incorporate this vulnerability into incident response and vulnerability management workflows to ensure timely remediation.
7) Engage with Linux distribution vendors for backported patches and security advisories relevant to their kernel versions.
These steps go beyond generic advice by focusing on the specific subsystem and operational context of the vulnerability.
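An added example (not part of the advisory or of the kernel tree) for the kernel-log monitoring in step 5 and the fault described in the technical summary: it triages an x86-64 oops and flags the crash shape reported for this CVE, using an excerpt of the trace quoted in the description as input. The control sample and the names demo_read and demo_mod are constructed, and the 4 KiB NULL-page bound is an assumption.

```python
import re

# Excerpt of the oops quoted in the CVE description (lines copied verbatim).
PAGE_OOPS = """\
BUG: kernel NULL pointer dereference, address: 0000000000000170
Oops: 0002 [#1] PREEMPT SMP NOPTI
RIP: 0010:srp_recv_done+0x176/0x500 [ib_srp]
RAX: 0000000000000000 RBX: ffff9bc9486dea60 RCX: 0000000000000000
R13: ffff9bc9836b9cb0 R14: ffff9bc9557b4480 R15: 0000000000000000
CR2: 0000000000000170 CR3: 0000000007e04000 CR4: 00000000000006f0
 __ib_process_cq+0xb7/0x280 [ib_core]
"""

# Constructed control sample: a NULL read in a module unrelated to RDMA/SRP.
UNRELATED_OOPS = """\
BUG: kernel NULL pointer dereference, address: 0000000000000008
Oops: 0000 [#1] SMP
RIP: 0010:demo_read+0x10/0x40 [demo_mod]
"""

WATCHED_MODULES = {"ib_srp", "ib_core"}  # modules named in mitigation step 5
NULL_PAGE = 0x1000                       # assumption: 4 KiB first page

def triage_oops(text):
    """Return fault facts from an x86-64 oops, or None if no NULL-deref BUG line."""
    bug = re.search(r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)", text)
    if not bug:
        return None
    addr = int(bug.group(1), 16)
    err = re.search(r"Oops: ([0-9a-f]{4})", text)
    code = int(err.group(1), 16) if err else 0
    rip = re.search(r"RIP: [0-9a-f]+:(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?", text)
    modules = set(re.findall(r"\[(\w+)\]\s*$", text, re.M))
    # Registers holding zero are candidates for the NULL base pointer.
    zero_regs = [r for r, v in re.findall(r"\b(R[A-Z0-9]{1,2}): ([0-9a-f]{16})\b", text) if int(v, 16) == 0]
    return {
        "offset": addr,                 # small address = member offset from a NULL base
        "null_deref": addr < NULL_PAGE,
        "write": bool(code & 0x2),      # x86 page-fault error code bit 1: write access
        "function": rip.group(1) if rip else None,
        "module": rip.group(2) if rip else None,
        "srp_related": bool(modules & WATCHED_MODULES),
        "zero_regs": zero_regs,
    }

def matches_srp_recv_null_write(text):
    """True for the crash shape on this page: NULL-page write in ib_srp's srp_recv_done."""
    f = triage_oops(text)
    return bool(f and f["null_deref"] and f["write"] and f["module"] == "ib_srp" and f["function"] == "srp_recv_done")
```

In the quoted trace the faulting bytes `<41> 89 87 70 01 00 00` encode a 32-bit store to 0x170(%r15), so of the zero registers reported R15 is the NULL base and 0x170 is the offset of the member being written.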
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Switzerland, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-03T14:55:07.144Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe5e9d
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 6:57:47 PM
Last updated: 8/17/2025, 5:02:57 PM