CVE-2022-50671 in Linuxinfo

Summary

by MITRE • 12/09/2025

In the Linux kernel, the following vulnerability has been resolved:

RDMA/rxe: Fix "kernel NULL pointer dereference" error

When rxe_queue_init in the function rxe_qp_init_req fails, both qp->req.task.func and qp->req.task.arg are not initialized.

Because of creation of qp fails, the function rxe_create_qp will call rxe_qp_do_cleanup to handle allocated resource.

Before calling __rxe_do_task, both qp->req.task.func and qp->req.task.arg should be checked.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 03/29/2026

The vulnerability identified as CVE-2022-50671 represents a critical kernel NULL pointer dereference flaw within the Linux kernel's RDMA/rxe subsystem. This issue specifically affects the Reliable eXtensible kernel-based RDMA (rxe) implementation which provides RDMA capabilities through software emulation. The vulnerability manifests when the rxe_queue_init function within rxe_qp_init_req fails during queue pair initialization, creating a scenario where the task function and argument pointers remain uninitialized. This condition occurs during the creation of queue pairs in the RDMA subsystem, which forms a fundamental component of high-performance network communication in enterprise environments.

The technical flaw stems from inadequate initialization checking within the resource allocation process of RDMA queue pairs. When rxe_qp_init_req fails to initialize the request queue, the function rxe_create_qp attempts to clean up previously allocated resources through rxe_qp_do_cleanup. However, the cleanup process fails to validate whether both qp->req.task.func and qp->req.task.arg have been properly initialized before proceeding to __rxe_do_task. This oversight creates a path where uninitialized memory pointers are dereferenced, leading to a kernel NULL pointer dereference condition that can result in system crashes or potential privilege escalation. The vulnerability directly maps to CWE-476 which describes NULL pointer dereference issues in software systems.

The operational impact of this vulnerability extends beyond simple system instability, as it affects the reliability and security of RDMA-based network operations that are critical for high-performance computing environments, data centers, and enterprise networking infrastructures. Systems utilizing the rxe kernel module for RDMA functionality become vulnerable to denial-of-service attacks that can crash the entire kernel or potentially allow attackers to execute arbitrary code with kernel privileges. The vulnerability affects Linux kernel versions that include the rxe RDMA driver implementation, making it particularly concerning for enterprise environments where RDMA acceleration is commonly deployed for low-latency network communication between servers.

Mitigation strategies for this vulnerability should prioritize immediate kernel updates to versions containing the patched rxe implementation, which properly validates task function and argument pointers before attempting to execute cleanup operations. Organizations should implement monitoring for kernel crash events and system instability related to RDMA operations, as these may indicate exploitation attempts. The fix addresses the root cause by ensuring proper initialization checks are performed before calling __rxe_do_task, preventing the NULL pointer dereference condition. Security teams should also consider implementing network segmentation and access controls around RDMA-enabled systems, as outlined in the MITRE ATT&CK framework's network service scanning and privilege escalation techniques, to reduce the attack surface and limit potential exploitation vectors.

Responsible

Linux

Reservation

12/09/2025

Disclosure

12/09/2025

Moderation

accepted

CPE

ready

EPSS

0.00248

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!