CVE-2022-50543

7.8 HIGH

📋 TL;DR

This CVE describes a double-free vulnerability in the Linux kernel's RDMA over Converged Ethernet (RoCE) subsystem. When rxe_mr_init_user() fails during memory region initialization, rxe_mr_cleanup() can attempt to free the mr->map memory twice, potentially leading to kernel panic or memory corruption. This affects systems using the RDMA/rxe driver for remote direct memory access.

💻 Affected Systems

Products:
  • Linux kernel with RDMA/rxe driver enabled
Versions: Linux kernel versions between specific commits (the exact range depends on distribution backports; the vulnerability was introduced around 6.1.0-rc1 and fixed in later stable releases)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if RDMA/rxe driver is loaded and used. Many systems don't use RDMA functionality by default.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, or potential privilege escalation if memory corruption can be leveraged for arbitrary code execution.

🟠

Likely Case

System crash or instability when RDMA operations fail, causing denial of service for applications using RDMA functionality.

🟢

If Mitigated

Limited impact if RDMA functionality is not used or if the vulnerable code path is not triggered.

🌐 Internet-Facing: LOW - RDMA typically operates on internal networks and requires local network access.
🏢 Internal Only: MEDIUM - Systems using RDMA/rxe driver for high-performance computing or storage applications could experience crashes affecting critical services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering the specific error path in rxe_mr_init_user() and having RDMA functionality available. No public exploits known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Linux kernel stable commits: 06f73568f553b5be6ba7f6fe274d333ea29fc46d, 6ce577f09013206e36e674cd27da3707b2278268, 7d984dac8f6bf4ebd3398af82b357e1d181ecaac

Vendor Advisory: https://git.kernel.org/stable/c/06f73568f553b5be6ba7f6fe274d333ea29fc46d

Restart Required: Yes

Instructions:

1. Update the Linux kernel to the patched version from your distribution.
2. Red Hat/CentOS: yum update kernel
3. Ubuntu/Debian: apt update && apt upgrade linux-image-*
4. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable RDMA/rxe driver

Prevent loading of the vulnerable RDMA/rxe kernel module:

echo 'blacklist rdma_rxe' >> /etc/modprobe.d/blacklist-rdma.conf
rmmod rdma_rxe

A blacklist entry only stops automatic loading by alias; an explicit modprobe still succeeds. Adding the line install rdma_rxe /bin/false to the same file blocks that as well. rmmod fails while the module is in use by an RDMA device or application, so stop those first.

Restrict RDMA access

Limit which users or processes can access RDMA devices:

chmod 600 /dev/infiniband/*
setfacl -m u:rdma_user:rw- /dev/infiniband/rdma_cm

Permissions set on device nodes this way do not survive a reboot or device re-creation; a udev rule is needed to make them persistent.

🧯 If You Can't Patch

  • Disable RDMA functionality if not required for system operation
  • Implement strict access controls to limit which users can perform RDMA operations

🔍 How to Verify

Check if Vulnerable:

Check whether the RDMA/rxe module is loaded:

lsmod | grep rdma_rxe

Check the kernel version with uname -r and compare it with the patched versions from your distribution.

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel is the patched version and, if RDMA is needed, that it still works: ibv_devices

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages mentioning rxe_mr_cleanup
  • KASAN reports of double-free in RDMA subsystem
  • System crashes during RDMA operations

Network Indicators:

  • Unexpected RDMA connection failures
  • Increased retransmissions on RDMA networks

SIEM Query:

event_source="kernel" AND (message:"panic" OR message:"KASAN") AND (message:"rxe_mr_cleanup" OR message:"double-free")
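The log indicators above, applied to kernel log text, as an added example that is not part of this advisory. The sample dmesg lines are constructed to loosely resemble KASAN and rxe output; the scan_dmesg and rxe_loaded names are this example's own.

```python
import re

# Constructed sample dmesg lines (not a real capture); the format only loosely
# mimics KASAN/rxe output and exists to exercise the matcher below.
SAMPLE_DMESG = """\
[  102.334] rdma_rxe: loaded
[  118.901] rdma_rxe: rxe_mr_init_user: map allocation failed
[  118.902] ==================================================================
[  118.903] BUG: KASAN: double-free in kfree+0x7d/0x1b0
[  118.904] Call Trace:
[  118.905]  rxe_mr_cleanup+0x5a/0x90 [rdma_rxe]
[  118.906]  __rxe_cleanup+0x2c/0x60 [rdma_rxe]
[  119.010] Kernel panic - not syncing: Fatal exception
[  200.000] eth0: link up
"""

# Indicators from the advisory: KASAN double-free reports, a call trace naming
# rxe_mr_cleanup, and kernel panics.
KASAN_RE = re.compile(r"BUG: KASAN: (double-free|invalid-free)")
PANIC_RE = re.compile(r"Kernel panic")
RXE_FRAME_RE = re.compile(r"\brxe_mr_cleanup\+0x[0-9a-f]+")


def scan_dmesg(text):
    """Return (findings, rxe_implicated).

    findings is a list of (line_no, kind) with kind "kasan" or "panic";
    rxe_implicated is True when a KASAN report's call trace names
    rxe_mr_cleanup, which ties the report to this CVE rather than to
    some other double-free.
    """
    findings = []
    in_report = False
    rxe_implicated = False
    for n, line in enumerate(text.splitlines(), 1):
        if KASAN_RE.search(line):
            findings.append((n, "kasan"))
            in_report = True          # following lines are the call trace
        elif PANIC_RE.search(line):
            findings.append((n, "panic"))
            in_report = False
        if in_report and RXE_FRAME_RE.search(line):
            rxe_implicated = True
    return findings, rxe_implicated


def rxe_loaded(lsmod_output):
    """Exposure check: True if `lsmod` output lists the rdma_rxe module."""
    return any(l.split()[:1] == ["rdma_rxe"] for l in lsmod_output.splitlines())
```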
