Total vulnerabilities in the database
In the Linux kernel, the following vulnerability has been resolved:
IB/hfi1: Correctly move list in sc_disable()
Commit 13bac861952a ("IB/hfi1: Fix abba locking issue with sc_disable()") incorrectly tries to move a list from one list head to another. The result is a kernel crash.
The crash is triggered when a link goes down and there are waiters for a send to complete. The following signature is seen:
BUG: kernel NULL pointer dereference, address: 0000000000000030 [...] Call Trace: sc_disable+0x1ba/0x240 [hfi1] pio_freeze+0x3d/0x60 [hfi1] handle_freeze+0x27/0x1b0 [hfi1] process_one_work+0x1b0/0x380 ? process_one_work+0x380/0x380 worker_thread+0x30/0x360 ? process_one_work+0x380/0x380 kthread+0xd7/0x100 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x1f/0x30
The fix is to use the correct call to move the list.
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 6.1-rc2 | 6.1-rc2.x |
| linux / linux_kernel | 6.1-rc1 | 6.1-rc1.x |
| linux / linux_kernel | 6.1-rc3 | 6.1-rc3.x |
| linux / linux_kernel | 5.16 | 6.0.8 |
| linux / linux_kernel | 5.10.77 | 5.10.154 |
| linux / linux_kernel | 5.14.16 | 5.15.78 |
| linux / linux_kernel | 5.4.157 | 5.4.224 |