In the Linux kernel, the following vulnerability has been resolved:
RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure If
cma_listen_on_all() fails it leaves the per-device ID still on the
listen_list but the state is not set to RDMA_CM_ADDR_BOUND. When the cmid
is eventually destroyed cma_cancel_listens() is not called due to the wrong
state, however the per-device IDs are still holding the refcount preventing
the ID from being destroyed, thus deadlocking: task:rping state:D stack: 0
pid:19605 ppid: 47036 flags:0x00000084 Call Trace: __schedule+0x29a/0x780 ?
free_unref_page_commit+0x9b/0x110 schedule+0x3c/0xa0
schedule_timeout+0x215/0x2b0 ? __flush_work+0x19e/0x1e0
wait_for_completion+0x8d/0xf0 _destroy_id+0x144/0x210 [rdma_cm]
ucma_close_id+0x2b/0x40 [rdma_ucm] __destroy_id+0x93/0x2c0 [rdma_ucm] ?
__xa_erase+0x4a/0xa0 ucma_destroy_id+0x9a/0x120 [rdma_ucm]
ucma_write+0xb8/0x130 [rdma_ucm] vfs_write+0xb4/0x250 ksys_write+0xb5/0xd0
? syscall_trace_enter.isra.19+0x123/0x190 do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xa9 Ensure that cma_listen_on_all()
atomically unwinds its action under the lock during error.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/ca465e1f1f9b38fe916a36f7d80c5d25f2337c81 (5.15-rc4)
git.kernel.org/stable/c/3f4e68902d2e545033c80d7ad62fd9a439e573f4
git.kernel.org/stable/c/ca465e1f1f9b38fe916a36f7d80c5d25f2337c81
git.kernel.org/stable/c/e56a5146ef8cb51cd7c9e748267dce7564448a35
launchpad.net/bugs/cve/CVE-2021-47392
nvd.nist.gov/vuln/detail/CVE-2021-47392
security-tracker.debian.org/tracker/CVE-2021-47392
www.cve.org/CVERecord?id=CVE-2021-47392