CVE-2022-49931: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

IB/hfi1: Correctly move list in sc_disable()

Commit 13bac861952a ("IB/hfi1: Fix abba locking issue with sc_disable()") incorrectly tries to move a list from one list head to another. The result is a kernel crash.

The crash is triggered when a link goes down and there are waiters for a send to complete. The following signature is seen:

    BUG: kernel NULL pointer dereference, address: 0000000000000030
    [...]
    Call Trace:
     sc_disable+0x1ba/0x240 [hfi1]
     pio_freeze+0x3d/0x60 [hfi1]
     handle_freeze+0x27/0x1b0 [hfi1]
     process_one_work+0x1b0/0x380
     ? process_one_work+0x380/0x380
     worker_thread+0x30/0x360
     ? process_one_work+0x380/0x380
     kthread+0xd7/0x100
     ? kthread_complete_and_exit+0x20/0x20
     ret_from_fork+0x1f/0x30

The fix is to use the correct call to move the list.
AI Analysis
Technical Summary
CVE-2022-49931 is a vulnerability in the Linux kernel specifically affecting the InfiniBand (IB) hfi1 driver component. The issue arises from an incorrect handling of a linked list in the function sc_disable(), which is part of the hfi1 driver code. The vulnerability was introduced by commit 13bac861952a, which attempted to fix an ABBA locking issue but incorrectly moved a list from one list head to another. This improper list manipulation leads to a NULL pointer dereference and consequently causes a kernel crash. The crash is triggered when a network link goes down while there are pending send operations waiting to complete. The kernel logs reveal a NULL pointer dereference at address 0x30, with a call trace pointing to sc_disable() and related functions such as pio_freeze() and handle_freeze(). The root cause is the misuse of list movement functions in the kernel code, and the fix involves correcting the call to properly move the list, preventing the NULL pointer dereference and kernel panic. This vulnerability affects specific Linux kernel versions identified by commit hashes, indicating it is present in certain recent kernel builds prior to the fix. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
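The list mistake described above, as an added example (not the hfi1 driver's code and not taken from the kernel patch): a userspace re-creation of the kernel's circular list, showing what happens when an entry-level move is applied to a list head and how a splice transfers the waiters instead. The page does not name the calls involved; `list_move` versus `list_splice_init` is an assumption here, and `waitq`, `wake` and `struct waiter` are hypothetical names.

```c
#include <stdio.h>

/* Userspace re-creation of the kernel's circular doubly linked list. */
struct list_head { struct list_head *next, *prev; };
struct waiter { int id; struct list_head node; };   /* hypothetical waiter */

static void init_list(struct list_head *h) { h->next = h->prev = h; }
static void list_add_(struct list_head *e, struct list_head *h) {
    e->next = h->next; e->prev = h; h->next->prev = e; h->next = e;
}
/* Entry-level move: unlink ONE node and re-add it after h. */
static void list_move_(struct list_head *e, struct list_head *h) {
    e->prev->next = e->next; e->next->prev = e->prev;
    list_add_(e, h);
}
/* List-level move: hand every entry of src to dst, leave src empty. */
static void list_splice_init_(struct list_head *src, struct list_head *dst) {
    struct list_head *first = src->next, *last = src->prev;
    if (first == src) return;                 /* nothing queued */
    first->prev = dst; last->next = dst->next;
    dst->next->prev = last; dst->next = first;
    init_list(src);
}
/* Count nodes reachable from dst that really are waiters from pool[]. */
static int genuine(struct list_head *dst, struct waiter *pool, int n) {
    int hits = 0;
    for (struct list_head *p = dst->next; p != dst; p = p->next)
        for (int i = 0; i < n; i++)
            if (p == &pool[i].node) hits++;
    return hits;
}
/* Queue 3 constructed waiters, move them to a local wake list, and report
 * how many arrived; *head_on_wake is 1 if the source HEAD was linked in. */
int drain(int use_splice, int *head_on_wake) {
    struct waiter w[3]; struct list_head waitq, wake;
    init_list(&waitq); init_list(&wake);
    for (int i = 0; i < 3; i++) { w[i].id = i; list_add_(&w[i].node, &waitq); }
    if (use_splice) list_splice_init_(&waitq, &wake);
    else            list_move_(&waitq, &wake);   /* head treated as an entry */
    *head_on_wake = (wake.next == &waitq);
    return genuine(&wake, w, 3);
}
int main(void) {
    int h, n = drain(0, &h);
    printf("entry move: %d waiters on wake list, head linked in: %d\n", n, h);
    n = drain(1, &h);
    printf("splice:     %d waiters on wake list, head linked in: %d\n", n, h);
    return 0;
}
```

In the entry-move case the wake list holds only the source head, so a walker that converts that node to a waiter with `container_of` reads unrelated memory, and the real waiters are never woken.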
Potential Impact
For European organizations relying on Linux systems with InfiniBand hfi1 drivers—commonly used in high-performance computing (HPC) clusters, data centers, and research institutions—this vulnerability can cause unexpected kernel crashes leading to denial of service (DoS). The kernel panic triggered by the NULL pointer dereference can disrupt critical workloads, degrade system availability, and potentially cause data loss if processes are abruptly terminated. While this vulnerability does not directly lead to privilege escalation or data confidentiality breaches, the availability impact on systems running HPC or latency-sensitive applications can be significant. Organizations in sectors such as scientific research, financial services, and telecommunications that utilize InfiniBand for low-latency, high-throughput networking may experience operational disruptions. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or targeted triggering of the crash, especially during network link failures or maintenance events.
Mitigation Recommendations
European organizations should promptly identify Linux systems running kernels with the affected hfi1 driver versions. Applying the official kernel patches that correct the list movement in sc_disable() is the primary mitigation step. If immediate patching is not feasible, administrators should monitor network link status closely and avoid conditions that cause link down events with pending send operations on affected systems. Implementing kernel crash monitoring and automated recovery mechanisms can reduce downtime impact. Additionally, organizations should review their HPC and data center network configurations to minimize link flapping and ensure redundancy. Testing updated kernel versions in staging environments before deployment is recommended to avoid regressions. Maintaining up-to-date kernel versions and subscribing to Linux kernel security advisories will help detect and remediate similar issues promptly.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Switzerland, Finland, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-05-01T14:05:17.254Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9821c4522896dcbdd79e
Added to database: 5/21/2025, 9:08:49 AM
Last enriched: 6/28/2025, 1:10:37 AM
Last updated: 7/28/2025, 6:28:49 AM