CVE-2022-50127

MEDIUM

Linux Kernel 4.8-5.19.2 - Use of Uninitialized Resource in RDMA rxe_create_qp

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxe_create_qp() In the function rxe_create_qp(), rxe_qp_from_init() is called to initialize qp, internally things like the spin locks are not setup until rxe_qp_init_req(). If an error occures before this point then the unwind will call rxe_cleanup() and eventually to rxe_qp_do_cleanup()/rxe_cleanup_task() which will oops when trying to access the uninitialized spinlock. Move the spinlock initializations earlier before any failures.

References (8)

Core 8

Core References

Patch

https://git.kernel.org/stable/c/3c838ca6fbdb173102780d7bdf18f2f7d9e30979

Patch

https://git.kernel.org/stable/c/1a63f24e724f677db1ab21251f4d0011ae0bb5b5

Patch

https://git.kernel.org/stable/c/b348e204a53103f51070513a7494da7c62ecbdaa

Patch

https://git.kernel.org/stable/c/3ef491b26c720a87fcfbd78b7dc8eb83d9753fe6

Patch

https://git.kernel.org/stable/c/2ceeb04252e621c0b128ecc8fedbca922d11adba

Patch

https://git.kernel.org/stable/c/db924bd8484c76558a4ac4c4b5aeb52e857f0341

Patch

https://git.kernel.org/stable/c/f05b7cf02123aaf99db78abfe638efefdbe15555

Patch

https://git.kernel.org/stable/c/fd5382c5805c4bcb50fd25b7246247d3f7114733

Scores

CVSS v3 5.5

EPSS 0.0016

EPSS Percentile 5.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-908

Status published

Products (26)

linux/Kernel 4.15.0 - 4.19.256linux

linux/Kernel 4.20.0 - 5.4.211linux

linux/Kernel 4.8.0 - 4.14.291linux

linux/Kernel 5.11.0 - 5.15.61linux

linux/Kernel 5.16.0 - 5.18.18linux

linux/Kernel 5.19.0 - 5.19.2linux

linux/Kernel 5.5.0 - 5.10.137linux

Linux/Linux < 4.8

Linux/Linux 4.14.291 - 4.14.*

Linux/Linux 4.19.256 - 4.19.*

... and 16 more

Published Jun 18, 2025

Tracked Since Feb 18, 2026