{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50885","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-30T12:26:05.425Z","datePublished":"2025-12-30T12:34:12.093Z","dateUpdated":"2026-05-11T19:27:00.925Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:27:00.925Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed\n\nThere is a null-ptr-deref when mount.cifs over rdma:\n\n  BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup+0x2f3/0x360 [rdma_rxe]\n  Read of size 8 at addr 0000000000000018 by task mount.cifs/3046\n\n  CPU: 2 PID: 3046 Comm: mount.cifs Not tainted 6.1.0-rc5+ #62\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc3\n  Call Trace:\n   <TASK>\n   dump_stack_lvl+0x34/0x44\n   kasan_report+0xad/0x130\n   rxe_qp_do_cleanup+0x2f3/0x360 [rdma_rxe]\n   execute_in_process_context+0x25/0x90\n   __rxe_cleanup+0x101/0x1d0 [rdma_rxe]\n   rxe_create_qp+0x16a/0x180 [rdma_rxe]\n   create_qp.part.0+0x27d/0x340\n   ib_create_qp_kernel+0x73/0x160\n   rdma_create_qp+0x100/0x230\n   _smbd_get_connection+0x752/0x20f0\n   smbd_get_connection+0x21/0x40\n   cifs_get_tcp_session+0x8ef/0xda0\n   mount_get_conns+0x60/0x750\n   cifs_mount+0x103/0xd00\n   cifs_smb3_do_mount+0x1dd/0xcb0\n   smb3_get_tree+0x1d5/0x300\n   vfs_get_tree+0x41/0xf0\n   path_mount+0x9b3/0xdd0\n   __x64_sys_mount+0x190/0x1d0\n   do_syscall_64+0x35/0x80\n   entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe root cause of the issue is the socket create failed in\nrxe_qp_init_req().\n\nSo move the reset rxe_qp_do_cleanup() after the NULL ptr check."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/infiniband/sw/rxe/rxe_qp.c"],"versions":[{"version":"8700e3e7c4857d28ebaa824509934556da0b3e76","lessThan":"ee24de095569935eba600f7735e8e8ddea5b418e","status":"affected","versionType":"git"},{"version":"8700e3e7c4857d28ebaa824509934556da0b3e76","lessThan":"7340ca9f782be6fbe3f64a134dc112772764f766","status":"affected","versionType":"git"},{"version":"8700e3e7c4857d28ebaa824509934556da0b3e76","lessThan":"bd7106a6004f1077a365ca7f5a99c7a708e20714","status":"affected","versionType":"git"},{"version":"8700e3e7c4857d28ebaa824509934556da0b3e76","lessThan":"6bb5a62bfd624039b05157745c234068508393a9","status":"affected","versionType":"git"},{"version":"8700e3e7c4857d28ebaa824509934556da0b3e76","lessThan":"f64f08b9e6fb305a25dd75329e06ae342b9ce336","status":"affected","versionType":"git"},{"version":"8700e3e7c4857d28ebaa824509934556da0b3e76","lessThan":"5b924632d84a60bc0c7fe6e9bbbce99d03908957","status":"affected","versionType":"git"},{"version":"8700e3e7c4857d28ebaa824509934556da0b3e76","lessThan":"821f9a18210f6b9fd6792471714c799607b25db4","status":"affected","versionType":"git"},{"version":"8700e3e7c4857d28ebaa824509934556da0b3e76","lessThan":"f67376d801499f4fa0838c18c1efcad8840e550d","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/infiniband/sw/rxe/rxe_qp.c"],"versions":[{"version":"4.8","status":"affected"},{"version":"0","lessThan":"4.8","status":"unaffected","versionType":"semver"},{"version":"4.14.303","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.270","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.229","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.163","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.86","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.0.16","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1.2","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"4.14.303"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"4.19.270"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.4.229"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.10.163"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.15.86"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"6.0.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"6.1.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"6.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ee24de095569935eba600f7735e8e8ddea5b418e"},{"url":"https://git.kernel.org/stable/c/7340ca9f782be6fbe3f64a134dc112772764f766"},{"url":"https://git.kernel.org/stable/c/bd7106a6004f1077a365ca7f5a99c7a708e20714"},{"url":"https://git.kernel.org/stable/c/6bb5a62bfd624039b05157745c234068508393a9"},{"url":"https://git.kernel.org/stable/c/f64f08b9e6fb305a25dd75329e06ae342b9ce336"},{"url":"https://git.kernel.org/stable/c/5b924632d84a60bc0c7fe6e9bbbce99d03908957"},{"url":"https://git.kernel.org/stable/c/821f9a18210f6b9fd6792471714c799607b25db4"},{"url":"https://git.kernel.org/stable/c/f67376d801499f4fa0838c18c1efcad8840e550d"}],"title":"RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed","x_generator":{"engine":"bippy-1.2.0"}}}}