CVE-2022-50135

5.5 MEDIUM

📋 TL;DR

This CVE describes a null pointer dereference vulnerability in the Linux kernel's RDMA over Converged Ethernet (RoCE) implementation. If queue pair creation fails, the error-handling path can access null pointers and crash the system, potentially causing denial of service. Systems using RDMA functionality with the rxe driver are affected.

💻 Affected Systems

Products:
  • Linux kernel with RDMA rxe driver enabled
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if RDMA functionality is enabled and the rxe driver is being used. Most default configurations don't enable RDMA.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash and complete denial of service, requiring physical or remote reboot.

🟠 Likely Case

System crash or kernel panic when RDMA operations fail during queue pair initialization, causing temporary service disruption.

🟢 If Mitigated

Minimal impact if RDMA is not used or if error conditions don't trigger the specific code path.

🌐 Internet-Facing: LOW - Requires local access or RDMA network access, not typically exposed to internet.
🏢 Internal Only: MEDIUM - Internal systems using RDMA for high-performance computing or storage could experience crashes affecting critical services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to trigger RDMA queue pair creation with specific error conditions. Likely requires local access or RDMA network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits 37da51efe6eaa0560f46803c8c436a48a2084da7 and 8598b9d0a364c1663c96fc0fab9df0d36c809aea

Vendor Advisory: https://git.kernel.org/stable/c/37da51efe6eaa0560f46803c8c436a48a2084da7

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Check distribution-specific security advisories.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable RDMA rxe driver

linux

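Prevent automatic loading of the vulnerable RDMA rxe driver module and unload it from the running kernel. Run as root. The blacklist directive only stops alias-based autoloading; an explicit modprobe of rdma_rxe still loads the module.

# Stop the module from being autoloaded on future boots
echo 'blacklist rdma_rxe' >> /etc/modprobe.d/blacklist-rdma.conf
# Unload the module from the running kernel
rmmod rdma_rxe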

Disable RDMA functionality

linux

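Completely disable RDMA if not required. Run as root. The RDMA service unit name may differ between distributions.

# Unload the rxe module from the running kernel
modprobe -r rdma_rxe
# Keep the RDMA service from starting at boot
systemctl disable rdma.service
# Make every later modprobe of rdma_rxe fail
echo 'install rdma_rxe /bin/false' >> /etc/modprobe.d/disable-rdma.conf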

🧯 If You Can't Patch

  • Disable RDMA functionality if not required for operations
  • Implement strict access controls to prevent unauthorized users from triggering RDMA operations

🔍 How to Verify

Check if Vulnerable:

Check whether the RDMA rxe driver is loaded:

lsmod | grep rdma_rxe

Then check the kernel version against distribution security advisories.

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel version includes the fix commits, or check with the distribution package manager that the security update is installed.
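The loaded-module check above and the two modprobe.d workarounds can be combined into one exposure check. The script below is an added example, not part of the original advisory; the function names are hypothetical, and it inspects only /proc/modules and /etc/modprobe.d (the directory the workarounds write to).

```shell
#!/bin/sh
# Added example: report whether rdma_rxe is loaded now and whether modprobe.d
# would stop it loading again. Defaults read the live system; both paths can
# be overridden (hypothetical helper names, not from any distribution tool).

RXE_RE='rdma[_-]rxe'   # modprobe treats "-" and "_" in module names alike

rxe_loaded() {
    # /proc/modules: one module per line, the name is the first field.
    # A driver built into the kernel image would not be listed here.
    grep -qs '^rdma_rxe ' "${1:-/proc/modules}"
}

rxe_load_policy() {
    dir=${1:-/etc/modprobe.d}
    # "install <mod> /bin/false" makes every modprobe of the module fail.
    if grep -Eqs "^[[:space:]]*install[[:space:]]+${RXE_RE}[[:space:]]+(/usr)?/bin/(false|true)" "$dir"/*.conf; then
        echo blocked
    # "blacklist <mod>" only stops alias-based autoloading; an explicit
    # "modprobe rdma_rxe" still succeeds.
    elif grep -Eqs "^[[:space:]]*blacklist[[:space:]]+${RXE_RE}([[:space:]]|\$)" "$dir"/*.conf; then
        echo blacklist-only
    else
        echo unrestricted
    fi
}

rxe_report() {
    if rxe_loaded "${1:-/proc/modules}"; then loaded=yes; else loaded=no; fi
    echo "rdma_rxe loaded=$loaded policy=$(rxe_load_policy "${2:-/etc/modprobe.d}")"
}

rxe_report "$@"
```

A result of loaded=no with policy=blocked matches the state the second workaround aims for; policy=blacklist-only means the module can still be loaded on request.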

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/messages or journalctl
  • BUG: KASAN: null-ptr-deref errors
  • RDMA/rxe related crash dumps

Network Indicators:

  • Unexpected RDMA connection failures
  • Abnormal RDMA traffic patterns

SIEM Query:

source="kernel" AND ("null-ptr-deref" OR "KASAN" OR "rxe_qp_do_cleanup")
