CVE-2024-47750

Summary

In the Linux kernel, the following vulnerability has been resolved:

RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08

Currently rsv_qp is freed before ib_unregister_device() is called on HIP08. During the time interval, users can still dereg MR and rsv_qp will be used in this process, leading to a UAF. Move the release of rsv_qp after calling ib_unregister_device() to fix it.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux70f92521584f1d1e8268311ee84413307b0fdea8 < 2ccf1c75d39949d8ea043d04a2e92d7100ea723daffected
LinuxLinux70f92521584f1d1e8268311ee84413307b0fdea8 < d2d9c5127122745da6e887f451dd248cfeffca33affected
LinuxLinux70f92521584f1d1e8268311ee84413307b0fdea8 < dac2723d8bfa9cf5333f477741e6e5fa1ed34645affected
LinuxLinux70f92521584f1d1e8268311ee84413307b0fdea8 < 60595923371c2ebe7faf82536c47eb0c967e3425affected
LinuxLinux70f92521584f1d1e8268311ee84413307b0fdea8 < fd8489294dd2beefb70f12ec4f6132aeec61a4d0affected
LinuxLinux5.18affected
LinuxLinux0 < 5.18unaffected
LinuxLinux6.1.113 <= 6.1.*unaffected
LinuxLinux6.6.54 <= 6.6.*unaffected
LinuxLinux6.10.13 <= 6.10.*unaffected
LinuxLinux6.11.2 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References