CVE-2022-50127
📋 TL;DR
This vulnerability in the Linux kernel's RDMA over Converged Ethernet (RoCE) implementation causes a kernel panic (system crash) when error handling occurs during queue pair creation. It affects systems using the rxe driver for RDMA networking. The issue occurs due to uninitialized spinlocks being accessed during cleanup after a failure.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to complete system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
System crash when RDMA operations fail during initialization, resulting in service disruption requiring reboot.
If Mitigated
No impact if the vulnerability is patched or if RDMA/rxe functionality is not used.
🎯 Exploit Status
Exploitation requires ability to trigger RDMA queue pair creation failures. Likely requires local access or RDMA network access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fix commits (1a63f24e724f677db1ab21251f4d0011ae0bb5b5 and related)
Vendor Advisory: https://git.kernel.org/stable/c/1a63f24e724f677db1ab21251f4d0011ae0bb5b5
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution. 2. Reboot the system to load the new kernel. 3. Verify the fix is applied by checking kernel version.
🔧 Temporary Workarounds
Disable RDMA/rxe module
linuxPrevent loading of the vulnerable rxe driver module
echo 'blacklist rxe' >> /etc/modprobe.d/blacklist.conf
rmmod rxe
Restrict RDMA access
linuxLimit which users or processes can use RDMA functionality
Use Linux security modules (SELinux/AppArmor) to restrict RDMA access
🧯 If You Can't Patch
- Disable RDMA functionality if not required
- Implement strict access controls to limit who can create RDMA queue pairs
🔍 How to Verify
Check if Vulnerable:
Check if rxe module is loaded: lsmod | grep rxe. Check kernel version against affected ranges.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits. Test RDMA functionality to ensure no crashes.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/messages or dmesg
- RDMA error messages followed by system crash
Network Indicators:
- Unexpected RDMA connection failures
SIEM Query:
search 'kernel panic' OR 'Oops' OR 'BUG' in system logs with RDMA/rxe context🔗 References
- https://git.kernel.org/stable/c/1a63f24e724f677db1ab21251f4d0011ae0bb5b5
- https://git.kernel.org/stable/c/2ceeb04252e621c0b128ecc8fedbca922d11adba
- https://git.kernel.org/stable/c/3c838ca6fbdb173102780d7bdf18f2f7d9e30979
- https://git.kernel.org/stable/c/3ef491b26c720a87fcfbd78b7dc8eb83d9753fe6
- https://git.kernel.org/stable/c/b348e204a53103f51070513a7494da7c62ecbdaa
- https://git.kernel.org/stable/c/db924bd8484c76558a4ac4c4b5aeb52e857f0341
- https://git.kernel.org/stable/c/f05b7cf02123aaf99db78abfe638efefdbe15555
- https://git.kernel.org/stable/c/fd5382c5805c4bcb50fd25b7246247d3f7114733
