CVE-2022-50874

Vulnerability

In the Linux kernel's RDMA/erdma driver, the erdma_mmap function calls rdma_user_mmap_entry_get() to obtain a reference to a memory mapping entry. However, in certain error paths, the corresponding rdma_user_mmap_entry_put() was missing, causing a reference count leak. This means the entry's reference counter is not properly decremented, leading to the entry never being freed.

Exploitation

To exploit this, an attacker would need local access to the system and the ability to invoke the mmap system call on an RDMA device file. The vulnerability does not require special privileges beyond normal user access to RDMA resources, but the attacker must be able to trigger the error path in the mmap handling. This could be achieved by providing invalid parameters or causing the mmap to fail after the reference has been acquired.

Impact

An attacker repeatedly triggering this vulnerability could exhaust kernel memory by causing an accumulation of unreleased memory mapping entries. This can lead to denial of service (system instability or crash) due to memory exhaustion. There is no evidence of code execution or privilege escalation.

Mitigation

The fix was included in the Linux kernel stable tree via commit 410f0f46ffca [1]. Users should update their kernels to a version containing this patch. No workaround is available other than applying the update. The vulnerability has a CVSS score of 5.5 (medium) and is not known to be exploited in the wild.