CVE-2022-49931
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's HFI1 InfiniBand driver causes a kernel crash when a link goes down while there are waiters for send operations to complete. This affects systems using the hfi1 driver for InfiniBand networking. The vulnerability results in denial of service but does not allow arbitrary code execution.
💻 Affected Systems
- Linux kernel with hfi1 InfiniBand driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and complete denial of service, requiring physical or remote console access to reboot the system.
Likely Case
System crash when InfiniBand link state changes occur during active data transfers, causing temporary service disruption until system reboot.
If Mitigated
No impact if systems are patched or don't use the affected hfi1 driver.
🎯 Exploit Status
Exploitation requires ability to trigger InfiniBand link state changes while send operations are pending. Typically requires local access or network control.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 1afac08b39d85437187bb2a92d89a741b1078f55, 25760a41e3802f54aadcc31385543665ab349b8e, 7c4260f8f188df32414a5ecad63e8b934c2aa3f0, b8bcff99b07cc175a6ee12a52db51cdd2229586c, ba95409d6b580501ff6d78efd00064f7df669926
Vendor Advisory: https://git.kernel.org/stable/c/1afac08b39d85437187bb2a92d89a741b1078f55
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix.
2. Check distribution-specific security advisories.
3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Unload hfi1 driver
Remove the vulnerable driver if InfiniBand functionality is not required
sudo modprobe -r hfi1
Blacklist hfi1 driver
Prevent hfi1 driver from loading at boot. The blacklist entry only suppresses automatic loading by alias; an explicit modprobe hfi1 still loads the module.
echo 'blacklist hfi1' | sudo tee /etc/modprobe.d/blacklist-hfi1.conf
🧯 If You Can't Patch
- Monitor InfiniBand link stability and avoid link state changes during peak traffic
- Implement high availability clustering to minimize impact of potential crashes
🔍 How to Verify
Check if Vulnerable:
Check if hfi1 module is loaded: lsmod | grep hfi1. Check kernel version against affected ranges.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits or is newer than affected versions. Check dmesg for absence of NULL pointer dereference errors related to hfi1.
📡 Detection & Monitoring
Log Indicators:
- Kernel NULL pointer dereference errors in dmesg or syslog
- BUG: kernel NULL pointer dereference, address: 0000000000000030
- hfi1 driver crash messages
Network Indicators:
- Sudden loss of InfiniBand connectivity
- Abnormal link state changes
SIEM Query:
source="kernel" AND "NULL pointer dereference" AND "hfi1"
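The SIEM query above only matches when both strings land in one event, but the `BUG:` line carries no module name, so with one event per kernel log line it never fires. The following added example (not part of the original advisory or the kernel project) correlates the `BUG:` header with a `[hfi1]` frame inside the same oops; the sample log, the `placeholder_*` function names and `othermod` are constructed placeholders.

```shell
#!/bin/sh
# Added example: oops-level correlation for the hfi1 NULL dereference signature.

# Constructed sample log (not captured from a real system). placeholder_* and
# othermod are made-up names; only the address ...0030 comes from the advisory.
sample_log() {
cat <<'EOF'
kernel: BUG: kernel NULL pointer dereference, address: 0000000000000030
kernel: Modules linked in: hfi1 othermod
kernel: RIP: 0010:placeholder_fn+0x10/0x80 [hfi1]
kernel: Call Trace:
kernel:  placeholder_caller+0x20/0x90 [hfi1]
kernel: ---[ end trace 0000000000000000 ]---
kernel: BUG: kernel NULL pointer dereference, address: 0000000000000008
kernel: Modules linked in: hfi1 othermod
kernel: RIP: 0010:placeholder_other+0x5/0x30 [othermod]
kernel: ---[ end trace 0000000000000000 ]---
EOF
}

# Per-line match, as a line-oriented query would evaluate it: both strings must
# appear on the same line. Prints the number of matching lines.
naive_per_line_hits() {
  grep 'NULL pointer dereference' | grep -c 'hfi1' || true
}

# Counts NULL-dereference oopses whose RIP or call-trace frames are attributed
# to [hfi1]. "Modules linked in" lists bare names, so an unrelated crash on a
# host that merely has hfi1 loaded is not counted. Reads files or stdin.
count_hfi1_null_oops() {
  awk -v window=40 '
    /BUG: kernel NULL pointer dereference/ { left = window; hit = 0; next }
    left > 0 {
      left--
      if ($0 ~ /---\[ end trace/) { left = 0; next }
      if (!hit && index($0, "[hfi1]")) { hit = 1; n++ }
    }
    END { print n + 0 }
  ' "$@"
}

echo "per-line hits:   $(sample_log | naive_per_line_hits)"
echo "correlated hits: $(sample_log | count_hfi1_null_oops)"
```

On a live host, pipe `dmesg` or `journalctl -k` output into `count_hfi1_null_oops`.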
🔗 References
- https://git.kernel.org/stable/c/1afac08b39d85437187bb2a92d89a741b1078f55
- https://git.kernel.org/stable/c/25760a41e3802f54aadcc31385543665ab349b8e
- https://git.kernel.org/stable/c/7c4260f8f188df32414a5ecad63e8b934c2aa3f0
- https://git.kernel.org/stable/c/b8bcff99b07cc175a6ee12a52db51cdd2229586c
- https://git.kernel.org/stable/c/ba95409d6b580501ff6d78efd00064f7df669926