CVE-2022-50127

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxe_create_qp() In the function rxe_create_qp(), rxe_qp_from_init() is called to initialize qp, internally things like the spin locks are not setup until rxe_qp_init_req(). If an error occures before this point then the unwind will call rxe_cleanup() and eventually to rxe_qp_do_cleanup()/rxe_cleanup_task() which will oops when trying to access the uninitialized spinlock. Move the spinlock initializations earlier before any failures.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1a63f24e724f677db1ab21251f4d0011ae0bb5b5	Patch
https://git.kernel.org/stable/c/2ceeb04252e621c0b128ecc8fedbca922d11adba	Patch
https://git.kernel.org/stable/c/3c838ca6fbdb173102780d7bdf18f2f7d9e30979	Patch
https://git.kernel.org/stable/c/3ef491b26c720a87fcfbd78b7dc8eb83d9753fe6	Patch
https://git.kernel.org/stable/c/b348e204a53103f51070513a7494da7c62ecbdaa	Patch
https://git.kernel.org/stable/c/db924bd8484c76558a4ac4c4b5aeb52e857f0341	Patch
https://git.kernel.org/stable/c/f05b7cf02123aaf99db78abfe638efefdbe15555	Patch
https://git.kernel.org/stable/c/fd5382c5805c4bcb50fd25b7246247d3f7114733	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

18 Nov 2025, 18:11

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-908
First Time		Linux Linux linux Kernel
CPE		cpe:2.3:o:linux:linux_kernel::::::::
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/rxe: Corrección del error de desenrollado en rxe_create_qp(). En la función rxe_create_qp(), se llama a rxe_qp_from_init() para inicializar qp. Internamente, elementos como los bloqueos de giro no se configuran hasta rxe_qp_init_req(). Si se produce un error antes de este punto, el desenrollado llamará a rxe_cleanup() y, finalmente, a rxe_qp_do_cleanup()/rxe_cleanup_task(), lo que generará un error al intentar acceder al bloqueo de giro no inicializado. Se deben adelantar las inicializaciones de los bloqueos de giro para evitar cualquier fallo.
References	~~() https://git.kernel.org/stable/c/1a63f24e724f677db1ab21251f4d0011ae0bb5b5 -~~	() https://git.kernel.org/stable/c/1a63f24e724f677db1ab21251f4d0011ae0bb5b5 - Patch
References	~~() https://git.kernel.org/stable/c/2ceeb04252e621c0b128ecc8fedbca922d11adba -~~	() https://git.kernel.org/stable/c/2ceeb04252e621c0b128ecc8fedbca922d11adba - Patch
References	~~() https://git.kernel.org/stable/c/3c838ca6fbdb173102780d7bdf18f2f7d9e30979 -~~	() https://git.kernel.org/stable/c/3c838ca6fbdb173102780d7bdf18f2f7d9e30979 - Patch
References	~~() https://git.kernel.org/stable/c/3ef491b26c720a87fcfbd78b7dc8eb83d9753fe6 -~~	() https://git.kernel.org/stable/c/3ef491b26c720a87fcfbd78b7dc8eb83d9753fe6 - Patch
References	~~() https://git.kernel.org/stable/c/b348e204a53103f51070513a7494da7c62ecbdaa -~~	() https://git.kernel.org/stable/c/b348e204a53103f51070513a7494da7c62ecbdaa - Patch
References	~~() https://git.kernel.org/stable/c/db924bd8484c76558a4ac4c4b5aeb52e857f0341 -~~	() https://git.kernel.org/stable/c/db924bd8484c76558a4ac4c4b5aeb52e857f0341 - Patch
References	~~() https://git.kernel.org/stable/c/f05b7cf02123aaf99db78abfe638efefdbe15555 -~~	() https://git.kernel.org/stable/c/f05b7cf02123aaf99db78abfe638efefdbe15555 - Patch
References	~~() https://git.kernel.org/stable/c/fd5382c5805c4bcb50fd25b7246247d3f7114733 -~~	() https://git.kernel.org/stable/c/fd5382c5805c4bcb50fd25b7246247d3f7114733 - Patch

18 Jun 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-18 11:15

Updated : 2025-11-18 18:11

NVD link : CVE-2022-50127

Mitre link : CVE-2022-50127

CVE.ORG link : CVE-2022-50127

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-908

Use of Uninitialized Resource

5.5 /10