CVE-2022-49003 : Detail

nvme: fix SRCU protection of nvme_ns_head list

In the Linux kernel, the following vulnerability has been resolved: nvme: fix SRCU protection of nvme_ns_head list Walking the nvme_ns_head siblings list is protected by the head's srcu in nvme_ns_head_submit_bio() but not nvme_mpath_revalidate_paths(). Removing namespaces from the list also fails to synchronize the srcu. Concurrent scan work can therefore cause use-after-frees. Hold the head's srcu lock in nvme_mpath_revalidate_paths() and synchronize with the srcu, not the global RCU, in nvme_ns_remove(). Observed the following panic when making NVMe/RDMA connections with native multipath on the Rocky Linux 8.6 kernel (it seems the upstream kernel has the same race condition). Disassembly shows the faulting instruction is cmp 0x50(%rdx),%rcx; computing capacity != get_capacity(ns->disk). Address 0x50 is dereferenced because ns->disk is NULL. The NULL disk appears to be the result of concurrent scan work freeing the namespace (note the log line in the middle of the panic). [37314.206036] BUG: unable to handle kernel NULL pointer dereference at 0000000000000050 [37314.206036] nvme0n3: detected capacity change from 0 to 11811160064 [37314.299753] PGD 0 P4D 0 [37314.299756] Oops: 0000 [#1] SMP PTI [37314.299759] CPU: 29 PID: 322046 Comm: kworker/u98:3 Kdump: loaded Tainted: G W X --------- - - 4.18.0-372.32.1.el8test86.x86_64 #1 [37314.299762] Hardware name: Dell Inc. PowerEdge R720/0JP31P, BIOS 2.7.0 05/23/2018 [37314.299763] Workqueue: nvme-wq nvme_scan_work [nvme_core] [37314.299783] RIP: 0010:nvme_mpath_revalidate_paths+0x26/0xb0 [nvme_core] [37314.299790] Code: 1f 44 00 00 66 66 66 66 90 55 53 48 8b 5f 50 48 8b 83 c8 c9 00 00 48 8b 13 48 8b 48 50 48 39 d3 74 20 48 8d 42 d0 48 8b 50 20 <48> 3b 4a 50 74 05 f0 80 60 70 ef 48 8b 50 30 48 8d 42 d0 48 39 d3 [37315.058803] RSP: 0018:ffffabe28f913d10 EFLAGS: 00010202 [37315.121316] RAX: ffff927a077da800 RBX: ffff92991dd70000 RCX: 0000000001600000 [37315.206704] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff92991b719800 [37315.292106] RBP: ffff929a6b70c000 R08: 000000010234cd4a R09: c0000000ffff7fff [37315.377501] R10: 0000000000000001 R11: ffffabe28f913a30 R12: 0000000000000000 [37315.462889] R13: ffff92992716600c R14: ffff929964e6e030 R15: ffff92991dd70000 [37315.548286] FS: 0000000000000000(0000) GS:ffff92b87fb80000(0000) knlGS:0000000000000000 [37315.645111] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [37315.713871] CR2: 0000000000000050 CR3: 0000002208810006 CR4: 00000000000606e0 [37315.799267] Call Trace: [37315.828515] nvme_update_ns_info+0x1ac/0x250 [nvme_core] [37315.892075] nvme_validate_or_alloc_ns+0x2ff/0xa00 [nvme_core] [37315.961871] ? __blk_mq_free_request+0x6b/0x90 [37316.015021] nvme_scan_work+0x151/0x240 [nvme_core] [37316.073371] process_one_work+0x1a7/0x360 [37316.121318] ? create_worker+0x1a0/0x1a0 [37316.168227] worker_thread+0x30/0x390 [37316.212024] ? create_worker+0x1a0/0x1a0 [37316.258939] kthread+0x10a/0x120 [37316.297557] ? set_kthread_struct+0x50/0x50 [37316.347590] ret_from_fork+0x35/0x40 [37316.390360] Modules linked in: nvme_rdma nvme_tcp(X) nvme_fabrics nvme_core netconsole iscsi_tcp libiscsi_tcp dm_queue_length dm_service_time nf_conntrack_netlink br_netfilter bridge stp llc overlay nft_chain_nat ipt_MASQUERADE nf_nat xt_addrtype xt_CT nft_counter xt_state xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment xt_multiport nft_compat nf_tables libcrc32c nfnetlink dm_multipath tg3 rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm intel_rapl_msr iTCO_wdt iTCO_vendor_support dcdbas intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel ipmi_ssif kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel ib_uverbs rapl intel_cstate intel_uncore ib_core ipmi_si joydev mei_me pcspkr ipmi_devintf mei lpc_ich wmi ipmi_msghandler acpi_power_meter ex ---truncated---

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Products Mentioned

Configuraton 0

Linux>>Linux_kernel >> Version From (including) 5.15 To (excluding) 5.15.82

• Linux>>Linux_kernel >> Version 5.15 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.0 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.0-58 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.1 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.2 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.3 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.3 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.4 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.5 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.6 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.7 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.8 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.9 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.10 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.11 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.12 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.13 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.14 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.15 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.16 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.17 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.18 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.19 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.20 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.21 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.22 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.23 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.24 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.25 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.26 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.27 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.28 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.29 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.30 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.31 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.32 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.33 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.34 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.35 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.36 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.37 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.38 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.39 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.40 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.41 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.42 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.43 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.44 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.45 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.46 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.47 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.48 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.49 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.50 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.51 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.52 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.53 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.54 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.55 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.56 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.57 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.58 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.59 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.60 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.61 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.62 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.63 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.64 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.65 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.66 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.67 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.68 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.69 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.70 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.71 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.72 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.73 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.74 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.75 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.76 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.77 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.78 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.79 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.80 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.15.81 (Open CPE detail)

Linux>>Linux_kernel >> Version From (including) 5.16 To (excluding) 6.0.12

• Linux>>Linux_kernel >> Version 5.16 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.0 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.0 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.1 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.2 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.3 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.4 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.5 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.6 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.7 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.8 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.9 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.10 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.11 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.12 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.13 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.14 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.15 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.16 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.17 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.18 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.19 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.20 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.16.62 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17.1 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17.2 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17.3 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17.4 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17.5 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17.6 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17.7 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17.8 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17.9 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17.10 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17.11 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17.12 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17.13 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17.14 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.17.15 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18.1 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18.2 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18.3 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18.4 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18.5 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18.6 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18.7 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18.8 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18.9 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18.10 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18.11 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18.12 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18.13 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18.14 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18.15 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18.16 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18.17 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18.18 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.18.19 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19.1 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19.2 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19.3 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19.4 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19.5 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19.6 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19.7 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19.8 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19.9 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19.10 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19.11 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19.12 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19.13 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19.14 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19.15 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19.16 (Open CPE detail)
• Linux>>Linux_kernel >> Version 5.19.17 (Open CPE detail)
• Linux>>Linux_kernel >> Version 6.0 (Open CPE detail)
• Linux>>Linux_kernel >> Version 6.0 (Open CPE detail)
• Linux>>Linux_kernel >> Version 6.0 (Open CPE detail)
• Linux>>Linux_kernel >> Version 6.0 (Open CPE detail)
• Linux>>Linux_kernel >> Version 6.0 (Open CPE detail)
• Linux>>Linux_kernel >> Version 6.0 (Open CPE detail)
• Linux>>Linux_kernel >> Version 6.0 (Open CPE detail)
• Linux>>Linux_kernel >> Version 6.0 (Open CPE detail)
• Linux>>Linux_kernel >> Version 6.0.1 (Open CPE detail)
• Linux>>Linux_kernel >> Version 6.0.2 (Open CPE detail)
• Linux>>Linux_kernel >> Version 6.0.3 (Open CPE detail)
• Linux>>Linux_kernel >> Version 6.0.4 (Open CPE detail)
• Linux>>Linux_kernel >> Version 6.0.5 (Open CPE detail)
• Linux>>Linux_kernel >> Version 6.0.6 (Open CPE detail)
• Linux>>Linux_kernel >> Version 6.0.7 (Open CPE detail)
• Linux>>Linux_kernel >> Version 6.0.8 (Open CPE detail)
• Linux>>Linux_kernel >> Version 6.0.9 (Open CPE detail)
• Linux>>Linux_kernel >> Version 6.0.10 (Open CPE detail)
• Linux>>Linux_kernel >> Version 6.0.11 (Open CPE detail)

Linux>>Linux_kernel >> Version 6.1

• Linux>>Linux_kernel >> Version 6.1 (Open CPE detail)

Linux>>Linux_kernel >> Version 6.1

• Linux>>Linux_kernel >> Version 6.1 (Open CPE detail)

Linux>>Linux_kernel >> Version 6.1

• Linux>>Linux_kernel >> Version 6.1 (Open CPE detail)

Linux>>Linux_kernel >> Version 6.1

• Linux>>Linux_kernel >> Version 6.1 (Open CPE detail)

Linux>>Linux_kernel >> Version 6.1

• Linux>>Linux_kernel >> Version 6.1 (Open CPE detail)

Linux>>Linux_kernel >> Version 6.1

• Linux>>Linux_kernel >> Version 6.1 (Open CPE detail)

Linux>>Linux_kernel >> Version 6.1

• Linux>>Linux_kernel >> Version 6.1 (Open CPE detail)

References