CVE-2022-49429
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's hfi1 RDMA driver causes kernel panic when SDMA capability is disabled. This affects systems using the hfi1 driver with HFI1_CAP_SDMA disabled, potentially causing denial of service through system crashes.
💻 Affected Systems
- Linux kernel with hfi1 RDMA driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Complete system crash/kernel panic leading to denial of service, requiring physical or remote reboot.
Likely Case
System crash when specific RDMA operations are attempted with SDMA disabled, causing temporary service disruption.
If Mitigated
Failed I/O operations with EINVAL error instead of crash when proper patch is applied.
🎯 Exploit Status
Exploitation requires ability to perform RDMA write operations with hfi1 driver loaded in vulnerable configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel stable releases containing the fix commits
Vendor Advisory: https://git.kernel.org/stable/c/0e4dda8b3f4c07ee9ea670a10ea3171a5e63a86f
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fix commits.
2. Reboot system to load patched kernel.
3. Verify hfi1 module loads correctly.
🔧 Temporary Workarounds
Disable hfi1 module
Prevent loading of vulnerable hfi1 RDMA driver module
echo 'blacklist hfi1' >> /etc/modprobe.d/blacklist.conf
rmmod hfi1
Enable SDMA capability
Load hfi1 module with SDMA capability enabled to avoid NULL pointer dereference
modprobe hfi1 HFI1_CAP_SDMA=1
🧯 If You Can't Patch
- Ensure hfi1 module is loaded with HFI1_CAP_SDMA=1 parameter
- Restrict RDMA access to trusted users and services only
🔍 How to Verify
Check if Vulnerable:
Check if hfi1 module is loaded and SDMA capability status: lsmod | grep hfi1 && cat /sys/module/hfi1/parameters/HFI1_CAP_SDMA
Check Version:
uname -r
Verify Fix Applied:
Check kernel version contains fix commits: uname -r and verify against patched versions
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/messages or dmesg
- NULL pointer dereference errors mentioning hfi1_write_iter or sdma_select_user_engine
Network Indicators:
- Unexpected RDMA connection failures
- System crashes during RDMA operations
SIEM Query:
kernel: (*panic* OR *NULL pointer dereference*) AND (*hfi1* OR *sdma_select_user_engine*)
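One way to apply the log indicators above to exported kernel log text, shown as an added example that is not part of the original advisory: it reports a hit only when an hfi1 symbol appears inside the body of a NULL-dereference oops, so unrelated panics and ordinary hfi1 messages do not match. The sample log, the 80-line bound and the `example_*` names are constructed assumptions.

```python
import re

# Oops headers the kernel prints for a NULL dereference (x86 and arm64 wording).
OOPS_START = re.compile(r"BUG: kernel NULL pointer dereference|"
                        r"Unable to handle kernel NULL pointer dereference")
OOPS_END = re.compile(r"---\[ end trace")
# Symbols this page lists as log indicators.
HFI1_SYMS = re.compile(r"\b(hfi1_write_iter|sdma_select_user_engine)\b")
MAX_OOPS_LINES = 80  # assumed bound in case the end marker never reaches the log

# Constructed sample: addresses, offsets and example_* names are made up.
SAMPLE_LOG = """\
[  101.000001] hfi1 0000:3b:00.0: hfi1_0: link up
[  214.318804] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  214.318930] RIP: 0010:sdma_select_user_engine+0x2b/0x1a0 [hfi1]
[  214.319055] Call Trace:
[  214.319101]  hfi1_write_iter+0xe4/0x1c0 [hfi1]
[  214.319188] ---[ end trace 0000000000000000 ]---
[  530.000010] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  530.000120] RIP: 0010:example_other_driver_fn+0x10/0x40 [example_mod]
[  530.000200] ---[ end trace 0000000000000000 ]---
""".splitlines()


def find_hfi1_null_derefs(lines):
    """Return one record per NULL-deref oops whose body names an hfi1 symbol."""
    hits, start, seen, syms = [], None, 0, set()

    def flush():
        if start is not None and syms:
            hits.append({"start_line": start, "symbols": sorted(syms)})

    for lineno, line in enumerate(lines, 1):
        if OOPS_START.search(line):
            flush()  # a second oops began before the first one ended
            start, seen, syms = lineno, 0, set()
            continue
        if start is None:
            continue  # hfi1 messages outside an oops are not an indicator
        seen += 1
        syms.update(HFI1_SYMS.findall(line))
        if OOPS_END.search(line) or seen >= MAX_OOPS_LINES:
            flush()
            start = None
    flush()  # log cut off mid-oops, e.g. the host went down
    return hits


if __name__ == "__main__":
    print(find_hfi1_null_derefs(SAMPLE_LOG))
```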
🔗 References
- https://git.kernel.org/stable/c/0e4dda8b3f4c07ee9ea670a10ea3171a5e63a86f
- https://git.kernel.org/stable/c/22e7e400fd1a890db2ea13686324aff50e972f4f
- https://git.kernel.org/stable/c/29952ab85d6c3fe0b7909d9a737f10c58bf6824d
- https://git.kernel.org/stable/c/32e6aea33944f364d51cd263e4cd236393a188b6
- https://git.kernel.org/stable/c/33794e8e9bcb4affc0ebff9cdec85acc8b8a1762
- https://git.kernel.org/stable/c/629e052d0c98e46dde9f0824f0aa437f678d9b8f
- https://git.kernel.org/stable/c/cc80d3c37cec9d6ddb140483647901bc7cc6c31d
- https://git.kernel.org/stable/c/e60ad83f645ee6fadd5a8057ba267aeec54f08fe