CVE-2022-49076

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49076
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49076.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49076
Related
Published
2025-02-26T07:00:44Z
Modified
2025-03-24T18:55:46.154622Z
Downstream
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/hfi1: Fix use-after-free bug for mm struct

Under certain conditions, such as MPIAbort, the hfi1 cleanup code may represent the last reference held on the task mm. hfi1mmurbunregister() then drops the last reference and the mm is freed before the final use in hfi1releaseuserpages(). A new task may allocate the mm structure while it is still being used, resulting in problems. One manifestation is corruption of the mmapsem counter leading to a hang in down_write(). Another is corruption of an mm struct that is in use by another task.

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.113-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.17.3-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.17.3-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}