CVE-2022-49929 in Linuxinfo

Summary

by MITRE • 05/01/2025

In the Linux kernel, the following vulnerability has been resolved:

RDMA/rxe: Fix mr leak in RESPST_ERR_RNR

rxe_recheck_mr() will increase mr's ref_cnt, so we should call rxe_put(mr) to drop mr's ref_cnt in RESPST_ERR_RNR to avoid below warning:

WARNING: CPU: 0 PID: 4156 at drivers/infiniband/sw/rxe/rxe_pool.c:259 __rxe_cleanup+0x1df/0x240 [rdma_rxe]
... Call Trace: rxe_dereg_mr+0x4c/0x60 [rdma_rxe]
ib_dereg_mr_user+0xa8/0x200 [ib_core]
ib_mr_pool_destroy+0x77/0xb0 [ib_core]
nvme_rdma_destroy_queue_ib+0x89/0x240 [nvme_rdma]
nvme_rdma_free_queue+0x40/0x50 [nvme_rdma]
nvme_rdma_teardown_io_queues.part.0+0xc3/0x120 [nvme_rdma]
nvme_rdma_error_recovery_work+0x4d/0xf0 [nvme_rdma]
process_one_work+0x582/0xa40 ? pwq_dec_nr_in_flight+0x100/0x100 ? rwlock_bug.part.0+0x60/0x60 worker_thread+0x2a9/0x700 ? process_one_work+0xa40/0xa40 kthread+0x168/0x1a0 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 03/15/2026

The vulnerability CVE-2022-49929 addresses a memory management issue within the Linux kernel's RDMA over Ethernet (rxe) implementation that could lead to resource leaks and potential system instability. This flaw specifically affects the rxe driver's handling of memory regions during error conditions, particularly when transitioning to the RESPST_ERR_RNR state. The issue manifests as a reference count leak in memory registration objects, which can accumulate over time and eventually exhaust available system resources.

The technical root cause lies in the rxe_recheck_mr() function which properly increments the memory region reference count but fails to decrement it appropriately when handling error responses. This creates a scenario where memory region objects remain allocated in memory even after they should be freed, leading to the kernel warning message indicating an improper cleanup in the rxe_pool.c file. The call trace demonstrates how this issue propagates through the Infiniband subsystem, eventually affecting NVMe over RDMA implementations that utilize memory registration pools for data transfer operations.

The operational impact of this vulnerability extends beyond simple memory leaks to potentially compromise system stability and performance. When memory regions accumulate without proper cleanup, the system's memory management subsystem becomes inefficient, leading to increased memory pressure and potential denial of service conditions. The vulnerability particularly affects systems using NVMe over RDMA storage configurations where the error recovery mechanisms are frequently invoked during network disruptions or hardware failures. This creates a cascading effect where the memory leak grows progressively worse, eventually leading to system resource exhaustion and potential crashes.

Mitigation strategies should focus on applying the kernel patch that corrects the reference count management in the RESPST_ERR_RNR handling path. Organizations should prioritize updating their Linux kernel versions to include this fix, particularly in environments running RDMA-enabled applications or NVMe over RDMA storage systems. The vulnerability aligns with CWE-401: Unreachable Code and CWE-772: Missing Release of Resource after Effective Lifetime, both of which fall under the broader category of resource management flaws. From an ATT&CK perspective, this vulnerability could be leveraged in resource exhaustion attacks (T1499.004) or could serve as a persistence mechanism through continued system instability. System administrators should monitor for memory usage patterns and implement automated alerts for unusual memory consumption that might indicate this leak occurring in production environments.

Responsible

Linux

Reservation

05/01/2025

Disclosure

05/01/2025

Moderation

accepted

CPE

ready

EPSS

0.00130

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!