Fixing Possible Use-After-Free in NVMe RDMA Error Recovery

CVE-2022-48788

What is CVE-2022-48788?

A use-after-free vulnerability has been identified within the Linux kernel's NVMe RDMA transport. This issue arises during the execution of the nvme_rdma_submit_async_event_work function, which performs checks on the controller and queue state before sending the AER command and scheduling IO work. If these checks are conducted without proper synchronization, it could lead to a race condition when transitioning the controller state to RESETTING while destroying the admin queue. This flaw necessitates flushing the async_event_work to prevent potential instability and data integrity issues, which may compromise the overall functionality of the affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References