CVE-2022-50662

Vulnerability

In the Linux kernel's RDMA/hns driver, the function hns_roce_alloc_mr() allocates a memory region (MR) and its associated key (mr_key). If the key is stored in a structure that must be released upon failure. However, if hns_roce_mr_enable() fails, the code path does not free the previously allocated mr_key, leading to a memory leak [1].

Exploitation

This vulnerability is triggered during memory region allocation when the enable step fails. An attacker with local access and the ability to trigger RDMA operations could cause repeated allocation failures, gradually exhausting kernel memory. No special privileges beyond those needed for RDMA usage are required, but the attack surface is limited to systems using the Hisilicon (hns) RDMA hardware.

Impact

A local attacker can cause a denial-of-service (DoS) by exhausting kernel memory through repeated failed allocations, potentially leading to system instability or crash. The leak is small per occurrence but can accumulate over time.

Mitigation

The fix was applied to the Linux kernel stable tree in commit a115aa00b18f [2]. Users should update to a kernel version containing this commit or a backport. No workaround is available other than applying the patch.