
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-49089 is a vulnerability in the Linux kernel's InfiniBand (IB) RDMA verbs transport layer (rdmavt). The issue was discovered in February 2025 and involves a race condition in the `rvt_error_qp` function. The vulnerability affects the Linux kernel's IB/rdmavt subsystem, specifically impacting the queue pair (QP) error handling mechanism (NVD, RedHat).
The vulnerability stems from a locking issue around the `rvt_error_qp` function. According to the documentation, both `r_lock` and `s_lock` need to be held when calling this function, which is enforced by lockdep assertions. However, a previous fix accidentally made the call to `rvt_error_qp` in `rvt_ruc_loopback` no longer covered by `r_lock`, resulting in lockdep assertion failures and a potential race condition. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (RedHat).
The vulnerability primarily affects system availability due to potential race conditions in the kernel's InfiniBand subsystem. The CVSS scoring indicates that confidentiality and integrity are not impacted but the impact on availability is high, and that exploitation requires local access and has low attack complexity (RedHat).
The vulnerability has been resolved by adding proper locking to the `rvt_error_qp` function call. The fix ensures that both `r_lock` and `s_lock` are held when calling `rvt_error_qp`, specifically by adding `spin_lock(&sqp->r_lock)` before the function call and `spin_unlock(&sqp->r_lock)` after it (Kernel Git).
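The locking contract described above, as an added userspace model in C (not the kernel's code and not part of the original report). All `model_*` and `loopback_*` names are hypothetical, the locks only record whether they are held, and it is assumed that the caller already holds `s_lock` at the call site.

```c
#include <stdbool.h>
#include <stdio.h>

/* A "lock" that only records whether it is held: stands in for
 * spinlock_t plus lockdep's held-lock tracking (assumption). */
struct model_lock { bool held; };
struct model_qp { struct model_lock r_lock, s_lock; int in_error; };

static int lockdep_failures; /* violated "must hold" contracts */

static void model_lock(struct model_lock *l)   { l->held = true; }
static void model_unlock(struct model_lock *l) { l->held = false; }
static void model_assert_held(const struct model_lock *l)
{
    if (!l->held)
        lockdep_failures++;  /* the kernel would emit a lockdep splat */
}

/* Stand-in for rvt_error_qp(): both r_lock and s_lock must be held. */
static void model_error_qp(struct model_qp *qp)
{
    model_assert_held(&qp->r_lock);
    model_assert_held(&qp->s_lock);
    qp->in_error = 1;        /* state change the two locks protect */
}

/* Call site before the fix: r_lock no longer covers the call. */
int loopback_before_fix(struct model_qp *sqp)
{
    lockdep_failures = 0;
    model_lock(&sqp->s_lock);
    model_error_qp(sqp);
    model_unlock(&sqp->s_lock);
    return lockdep_failures;
}

/* Call site after the fix: r_lock is taken around the call. */
int loopback_after_fix(struct model_qp *sqp)
{
    lockdep_failures = 0;
    model_lock(&sqp->s_lock);
    model_lock(&sqp->r_lock);
    model_error_qp(sqp);
    model_unlock(&sqp->r_lock);
    model_unlock(&sqp->s_lock);
    return lockdep_failures;
}

int main(void)
{
    struct model_qp qp = { {false}, {false}, 0 };
    printf("before fix: %d contract violation(s)\n", loopback_before_fix(&qp));
    printf("after fix:  %d contract violation(s)\n", loopback_after_fix(&qp));
    return 0;
}
```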
Source: This report was generated using AI