CVE-2022-49930 in Linux
Summary
by MITRE • 05/01/2025
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix NULL pointer problem in free_mr_init()
Lock grab occurs in a concurrent scenario, resulting in stepping on a NULL pointer. It should be init mutex_init() first before use the lock.
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Call trace: __mutex_lock.constprop.0+0xd0/0x5c0 __mutex_lock_slowpath+0x1c/0x2c mutex_lock+0x44/0x50 free_mr_send_cmd_to_hw+0x7c/0x1c0 [hns_roce_hw_v2]
hns_roce_v2_dereg_mr+0x30/0x40 [hns_roce_hw_v2]
hns_roce_dereg_mr+0x4c/0x130 [hns_roce_hw_v2]
ib_dereg_mr_user+0x54/0x124 uverbs_free_mr+0x24/0x30 destroy_hw_idr_uobject+0x38/0x74 uverbs_destroy_uobject+0x48/0x1c4 uobj_destroy+0x74/0xcc ib_uverbs_cmd_verbs+0x368/0xbb0 ib_uverbs_ioctl+0xec/0x1a4 __arm64_sys_ioctl+0xb4/0x100 invoke_syscall+0x50/0x120 el0_svc_common.constprop.0+0x58/0x190 do_el0_svc+0x30/0x90 el0_svc+0x2c/0xb4 el0t_64_sync_handler+0x1a4/0x1b0 el0t_64_sync+0x19c/0x1a0
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 03/15/2026
The vulnerability CVE-2022-49930 represents a critical null pointer dereference issue within the Linux kernel's RDMA hardware driver subsystem, specifically affecting the hns_roce_hw_v2 module. This flaw manifests in a race condition scenario where concurrent operations attempt to access a mutex lock before it has been properly initialized, leading to system crashes and potential denial of service conditions. The vulnerability occurs during memory registration and deregistration operations within the hardware accelerated RDMA (Remote Direct Memory Access) infrastructure, which is essential for high-performance network communications in data center environments.
The technical root cause stems from improper initialization sequence within the free_mr_init() function where mutex initialization occurs after lock acquisition attempts. When the system processes memory registration commands through the hardware interface, the mutex lock structure remains uninitialized at virtual address 0x0000000000000000, resulting in a kernel NULL pointer dereference. This specific memory location represents the default null pointer value in kernel space, indicating that the mutex structure was never properly allocated or initialized before being accessed. The call trace demonstrates the execution path leading to the crash, beginning with mutex_lock operations that fail due to uninitialized lock structures, progressing through the RDMA hardware command processing, and culminating in user space interface handling that ultimately triggers the kernel panic.
The operational impact of this vulnerability extends beyond simple system crashes to potentially compromise entire network infrastructure components that rely on RDMA acceleration. Systems utilizing Huawei's HiSilicon RoCE (RDMA over Converged Ethernet) hardware drivers are particularly at risk, as these components are commonly deployed in high-performance computing clusters, storage networks, and cloud infrastructure environments. Attackers could exploit this vulnerability to cause service disruption through denial of service attacks, potentially leading to complete system crashes that require manual intervention and reboot cycles. The concurrent nature of the issue means that even low-intensity workloads could trigger the race condition, making this vulnerability particularly dangerous in production environments where reliability is paramount. The vulnerability affects systems running Linux kernel versions where the hns_roce_hw_v2 driver is active and handles memory registration operations.
Mitigation strategies for CVE-2022-49930 require immediate kernel updates from vendors that address the initialization ordering issue within the RDMA driver module. System administrators should prioritize patching affected systems, particularly those running Huawei HiSilicon RoCE hardware, as the vulnerability can be exploited through legitimate user-space operations that trigger memory management commands. The fix involves ensuring proper mutex initialization before any lock acquisition operations, following the standard kernel development practice where synchronization primitives must be initialized before use. Organizations should implement monitoring for system stability indicators and kernel panic events that could indicate exploitation attempts. Additionally, implementing proper access controls and limiting exposure of RDMA interfaces to trusted network segments can help reduce the attack surface. This vulnerability aligns with CWE-476 which addresses NULL pointer dereference issues and relates to ATT&CK technique T1499.004 for network disruption through denial of service attacks. The fix demonstrates the importance of proper resource initialization in concurrent programming contexts and highlights the need for thorough testing of synchronization mechanisms in kernel drivers.