CVE-2023-54048

CVE-2023-54048 in the Linux kernel’s RDMA bnxt_re driver: a race can occur after a QP is destroyed when the hardware may generate completions for that QP, leading to a race between destroy_cq and poll_cq. The advisory states that completions must be finished before returning from destroy_qp, and ...

kernel: IB/uverbs: Handle large number of entries in poll CQ

The ibuverbspollcq function in drivers/infiniband/core/uverbscmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially fille...