CVE-2021-47616
RDMA: Fix use-after-free in rxe_queue_cleanup
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
RDMA: Fix use-after-free in rxe_queue_cleanup
On error handling path in rxe_qp_from_init() qp->sq.queue is freed and
then rxe_create_qp() will drop last reference to this object. qp clean up
function will try to free this queue one time and it causes UAF bug.
Fix it by zeroing queue pointer after freeing queue in rxe_qp_from_init().
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: RDMA: corrige el use-after-free en rxe_queue_cleanup En la ruta de manejo de errores en rxe_qp_from_init() qp->sq.queue se libera y luego rxe_create_qp() eliminará la última referencia a este objeto. La función de limpieza qp intentará liberar esta cola una vez y provocará un error UAF. Solucionarlo poniendo a cero el puntero de la cola después de liberar la cola en rxe_qp_from_init().
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-06-19 CVE Reserved
- 2024-06-19 CVE Published
- 2024-06-20 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/514aee660df493cd673154a6ba6bab745ec47b8c | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://git.kernel.org/stable/c/acb53e47db1fbc7cd37ab10b46388f045a76e383 | 2021-12-17 | |
https://git.kernel.org/stable/c/84b01721e8042cdd1e8ffeb648844a09cd4213e0 | 2021-11-25 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 5.15.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.15.10" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 5.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.16" | en |
Affected
|