Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-50135
CVE-2022-50135:
Linux Kernel vulnerability analysis and mitigation
Overview
CVE-2022-50135 is a vulnerability in the Linux kernel's RDMA/rxe component that was discovered and disclosed in June 2025. The vulnerability specifically affects the queue pair (QP) cleanup functionality in the RDMA/rxe subsystem (NVD).
Technical details
The vulnerability stems from a null pointer dereference issue in the rxeqpdocleanup function. The issue occurs when rxecreateqp calls rxeqpfrominit, and if an error occurs, the error handler in rxeqpfrominit sets both scq and rcq to NULL. Subsequently, rxecreateqp calls rxeput to handle qp, which leads to rxeqpdocleanup being called. The vulnerability manifests when rxeqpdocleanup directly accesses scq and rcq before checking if they are NULL, resulting in a null pointer dereference (NVD).
Impact
The vulnerability can lead to a kernel crash due to the null pointer dereference, potentially causing system instability or denial of service conditions (NVD).
Mitigation and workarounds
The vulnerability has been resolved in the Linux kernel through patches that implement proper null pointer checking before accessing the scq and rcq pointers in the rxeqpdo_cleanup function (NVD).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management