{"id":"CVE-2022-49321","summary":"xprtrdma: treat all calls not a bcall when bc_serv is NULL","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nxprtrdma: treat all calls not a bcall when bc_serv is NULL\n\nWhen a rdma server returns a fault format reply, nfs v3 client may\ntreats it as a bcall when bc service is not exist.\n\nThe debug message at rpcrdma_bc_receive_call are,\n\n[56579.837169] RPC:       rpcrdma_bc_receive_call: callback XID\n00000001, length=20\n[56579.837174] RPC:       rpcrdma_bc_receive_call: 00 00 00 01 00 00 00\n00 00 00 00 00 00 00 00 00 00 00 00 04\n\nAfter that, rpcrdma_bc_receive_call will meets NULL pointer as,\n\n[  226.057890] BUG: unable to handle kernel NULL pointer dereference at\n00000000000000c8\n...\n[  226.058704] RIP: 0010:_raw_spin_lock+0xc/0x20\n...\n[  226.059732] Call Trace:\n[  226.059878]  rpcrdma_bc_receive_call+0x138/0x327 [rpcrdma]\n[  226.060011]  __ib_process_cq+0x89/0x170 [ib_core]\n[  226.060092]  ib_cq_poll_work+0x26/0x80 [ib_core]\n[  226.060257]  process_one_work+0x1a7/0x360\n[  226.060367]  ? create_worker+0x1a0/0x1a0\n[  226.060440]  worker_thread+0x30/0x390\n[  226.060500]  ? create_worker+0x1a0/0x1a0\n[  226.060574]  kthread+0x116/0x130\n[  226.060661]  ? kthread_flush_work_fn+0x10/0x10\n[  226.060724]  ret_from_fork+0x35/0x40\n...","modified":"2026-04-02T08:27:29.151897Z","published":"2025-02-26T02:10:46.186Z","related":["SUSE-SU-2025:1027-1","SUSE-SU-2025:1176-1","SUSE-SU-2025:1183-1","SUSE-SU-2025:1194-1","SUSE-SU-2025:1241-1","SUSE-SU-2025:1263-1","SUSE-SU-2025:1293-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49321.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/11270e7ca268e8d61b5d9e5c3a54bd1550642c9c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8dbae5affbdbf524b48000f9d357925bb001e5f4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8e3943c50764dc7c5f25911970c3ff062ec1f18c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/90c4f73104016748533a5707ecd15930fbeff402"},{"type":"WEB","url":"https://git.kernel.org/stable/c/91784f3d77b73885e1b2e6b59d3cbf0de0a1126a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/998d35a2aff4b81a1c784f3aa45cd3afff6814c1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a3fc8051ee061e31db13e2fe011e8e0b71a7f815"},{"type":"WEB","url":"https://git.kernel.org/stable/c/da99331fa62131a38a0947a8204c5208de7b0454"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49321.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49321"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"63cae47005af51c937f4cdcc4835f29075add2ba"},{"fixed":"8e3943c50764dc7c5f25911970c3ff062ec1f18c"},{"fixed":"998d35a2aff4b81a1c784f3aa45cd3afff6814c1"},{"fixed":"da99331fa62131a38a0947a8204c5208de7b0454"},{"fixed":"8dbae5affbdbf524b48000f9d357925bb001e5f4"},{"fixed":"a3fc8051ee061e31db13e2fe011e8e0b71a7f815"},{"fixed":"90c4f73104016748533a5707ecd15930fbeff402"},{"fixed":"91784f3d77b73885e1b2e6b59d3cbf0de0a1126a"},{"fixed":"11270e7ca268e8d61b5d9e5c3a54bd1550642c9c"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49321.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}