CVE-2022-50136
BaseFortify

Publication date: 2025-06-18

Last updated on: 2025-11-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event

If siw_recv_mpa_rr returns -EAGAIN, it means that the MPA reply hasn't been received completely, and should not report IW_CM_EVENT_CONNECT_REPLY in this case. This may trigger a call trace in iw_cm. A simple way to trigger this:

    server: ib_send_lat
    client: ib_send_lat -R <server_ip>

The call trace looks like this:

    kernel BUG at drivers/infiniband/core/iwcm.c:894!
    invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
    <...>
    Workqueue: iw_cm_wq cm_work_handler [iw_cm]
    Call Trace:
     <TASK>
     cm_work_handler+0x1dd/0x370 [iw_cm]
     process_one_work+0x1e2/0x3b0
     worker_thread+0x49/0x2e0
     ? rescuer_thread+0x370/0x370
     kthread+0xe5/0x110
     ? kthread_complete_and_exit+0x20/0x20
     ret_from_fork+0x1f/0x30
     </TASK>

Meta Information
Published: 2025-06-18
Last Modified: 2025-11-18
Generated: 2026-05-07
AI Q&A: 2025-06-18
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
CWE ID: NVD-CWE-noinfo
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel involves the RDMA/siw component where a duplicated IW_CM_EVENT_CONNECT_REPLY event is incorrectly reported. Specifically, if the function siw_recv_mpa_rr returns -EAGAIN, indicating that the MPA reply has not been fully received, the system should not report the IW_CM_EVENT_CONNECT_REPLY event. However, it does, which can lead to a kernel call trace and potentially a kernel BUG, causing instability or crashes.


How can this vulnerability impact me?

The vulnerability can cause the Linux kernel to produce a call trace and potentially crash (kernel BUG) when the IW_CM_EVENT_CONNECT_REPLY event is duplicated incorrectly. This can lead to system instability or downtime, especially in environments using RDMA over InfiniBand with the siw driver, affecting applications relying on these connections.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing a kernel call trace related to the IW_CM_EVENT_CONNECT_REPLY event in the iw_cm module. A simple way to trigger this is by running the ib_send_lat tool: on the server, run 'ib_send_lat'; on the client, run 'ib_send_lat -R <server_ip>'. If the vulnerability is present, a kernel BUG call trace similar to the one described in the CVE will appear.
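
The log check described above can be automated. The following Python is an added example, not code from this page or from the kernel project: it scans kernel log text for the BUG line at drivers/infiniband/core/iwcm.c and records whether the lines that follow implicate the iw_cm work queue, as in the trace from the description. The function name, the 40-line window and the sample log (the page's trace with made-up timestamps) are assumptions.

```python
import re

# Signatures copied from the call trace quoted in the CVE description.
BUG_RE = re.compile(r"kernel BUG at (drivers/infiniband/core/iwcm\.c):(\d+)!")
WORKQUEUE_RE = re.compile(r"Workqueue: iw_cm_wq cm_work_handler \[iw_cm\]")
FRAME_RE = re.compile(r"cm_work_handler\+0x[0-9a-f]+/0x[0-9a-f]+ \[iw_cm\]")
ANY_BUG_RE = re.compile(r"kernel BUG at ")
STAMP_RE = re.compile(r"^\[\s*(\d+\.\d+)\]")


def find_iwcm_bugs(log_text, window=40):
    """Return one finding per iwcm.c BUG, with corroborating trace evidence."""
    lines = log_text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        bug = BUG_RE.search(line)
        if not bug:
            continue
        # Collect the oops body, stopping at the next BUG line so two
        # unrelated oopses are never merged into one finding.
        body = []
        for nxt in lines[i + 1:i + 1 + window]:
            if ANY_BUG_RE.search(nxt):
                break
            body.append(nxt)
        stamp = STAMP_RE.match(line)
        findings.append({
            "time": float(stamp.group(1)) if stamp else None,
            "location": f"{bug.group(1)}:{bug.group(2)}",
            "iw_cm_workqueue": any(WORKQUEUE_RE.search(l) for l in body),
            "cm_work_handler_frame": any(FRAME_RE.search(l) for l in body),
        })
    return findings


# Constructed sample: the page's trace with made-up timestamps, preceded by
# an unrelated BUG at a hypothetical path that must not match.
SAMPLE_LOG = """\
[  101.000001] kernel BUG at fs/example/placeholder.c:10!
[  412.318841] kernel BUG at drivers/infiniband/core/iwcm.c:894!
[  412.318850] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[  412.318871] Workqueue: iw_cm_wq cm_work_handler [iw_cm]
[  412.318889]  cm_work_handler+0x1dd/0x370 [iw_cm]
[  412.318901]  process_one_work+0x1e2/0x3b0
"""

if __name__ == "__main__":
    for finding in find_iwcm_bugs(SAMPLE_LOG):
        print(finding)
```

The source line number is captured rather than fixed at 894 because it can differ between kernel builds; on a live host, pass in the output of `dmesg` or `journalctl -k`.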

