CVE-2022-50822

Vulnerability

In the Linux kernel's RDMA (Remote Direct Memory Access) subsystem, the restrack (resource tracking) infrastructure is used to track various resources, including Memory Regions (MR). When an MR is deleted, the corresponding restrack entry must also be released. However, a bug was found where the MR restrack object was not freed during deletion, leading to a memory leak [1].

Root

Cause

The root cause is that the code path for deleting an MR did not call the necessary cleanup function to release the restrack entry. This oversight means that the reference to the task struct (which is held by the restrack entry) is never released, preventing the kernel from freeing that task structure [1].

Impact

An attacker who can trigger the creation and deletion of MRs (e.g., via RDMA operations) RDMA operations) can repeatedly exploit this bug to exhaust kernel memory, leading to a denial of service (DoS) condition. The leak is per-MR deletion, so sustained exploitation can cause significant memory pressure on the system [1].

Mitigation

The fix was committed to the Linux kernel stable tree and is included in versions that contain the commit dac153f2802db1ad46207283cb9b2aae3d707a45 [2]. Users should update their kernel to a patched version to resolve the issue.