{"id":"CVE-2022-49076","summary":"RDMA/hfi1: Fix use-after-free bug for mm struct","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hfi1: Fix use-after-free bug for mm struct\n\nUnder certain conditions, such as MPI_Abort, the hfi1 cleanup code may\nrepresent the last reference held on the task mm.\nhfi1_mmu_rb_unregister() then drops the last reference and the mm is freed\nbefore the final use in hfi1_release_user_pages().  A new task may\nallocate the mm structure while it is still being used, resulting in\nproblems. One manifestation is corruption of the mmap_sem counter leading\nto a hang in down_write().  Another is corruption of an mm struct that is\nin use by another task.","modified":"2026-04-02T08:27:16.685514Z","published":"2025-02-26T01:54:39.251Z","related":["SUSE-SU-2025:0834-1","SUSE-SU-2025:1027-1","SUSE-SU-2025:1176-1","SUSE-SU-2025:1183-1","SUSE-SU-2025:1194-1","SUSE-SU-2025:1241-1","SUSE-SU-2025:1263-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49076.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0b7186d657ee55e2cdefae498f07d5c1961e8023"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2bbac98d0930e8161b1957dc0ec99de39ade1b3c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5a9a1b24ddb510715f8f621263938186579a965c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5f54364ff6cfcd14cddf5441c4a490bb28dd69f7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9ca11bd8222a612de0d2f54d050bfcf61ae2883f"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49076.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49076"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"3d2a9d642512c21a12d19b9250e7a835dcb41a79"},{"fixed":"5f54364ff6cfcd14cddf5441c4a490bb28dd69f7"},{"fixed":"9ca11bd8222a612de0d2f54d050bfcf61ae2883f"},{"fixed":"0b7186d657ee55e2cdefae498f07d5c1961e8023"},{"fixed":"5a9a1b24ddb510715f8f621263938186579a965c"},{"fixed":"2bbac98d0930e8161b1957dc0ec99de39ade1b3c"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"5732f83596f8a573f2cde814cc76a54e1a8995c7"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49076.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}