Unrated severityNVD Advisory· Published Apr 10, 2024· Updated May 4, 2025

RDMA/core: Set send and receive CQ before forwarding to the driver

CVE-2021-47196

Description

In the Linux kernel, the following vulnerability has been resolved:

Preset both receive and send CQ pointers prior to call to the drivers and overwrite it later again till the mlx4 is going to be changed do not overwrite ibqp properties.

This change is needed for mlx5, because in case of QP creation failure, it will go to the path of QP destroy which relies on proper CQ pointers.

BUG: KASAN: use-after-free in create_qp.cold+0x164/0x16e [mlx5_ib] Write of size 8 at addr ffff8880064c55c0 by task a.out/246

CPU: 0 PID: 246 Comm: a.out Not tainted 5.15.0+ #291 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Call Trace: dump_stack_lvl+0x45/0x59 print_address_description.constprop.0+0x1f/0x140 kasan_report.cold+0x83/0xdf create_qp.cold+0x164/0x16e [mlx5_ib] mlx5_ib_create_qp+0x358/0x28a0 [mlx5_ib] create_qp.part.0+0x45b/0x6a0 [ib_core] ib_create_qp_user+0x97/0x150 [ib_core] ib_uverbs_handler_UVERBS_METHOD_QP_CREATE+0x92c/0x1250 [ib_uverbs] ib_uverbs_cmd_verbs+0x1c38/0x3150 [ib_uverbs] ib_uverbs_ioctl+0x169/0x260 [ib_uverbs] __x64_sys_ioctl+0x866/0x14d0 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae

Allocated by task 246: kasan_save_stack+0x1b/0x40 __kasan_kmalloc+0xa4/0xd0 create_qp.part.0+0x92/0x6a0 [ib_core] ib_create_qp_user+0x97/0x150 [ib_core] ib_uverbs_handler_UVERBS_METHOD_QP_CREATE+0x92c/0x1250 [ib_uverbs] ib_uverbs_cmd_verbs+0x1c38/0x3150 [ib_uverbs] ib_uverbs_ioctl+0x169/0x260 [ib_uverbs] __x64_sys_ioctl+0x866/0x14d0 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae

Freed by task 246: kasan_save_stack+0x1b/0x40 kasan_set_track+0x1c/0x30 kasan_set_free_info+0x20/0x30 __kasan_slab_free+0x10c/0x150 slab_free_freelist_hook+0xb4/0x1b0 kfree+0xe7/0x2a0 create_qp.part.0+0x52b/0x6a0 [ib_core] ib_create_qp_user+0x97/0x150 [ib_core] ib_uverbs_handler_UVERBS_METHOD_QP_CREATE+0x92c/0x1250 [ib_uverbs] ib_uverbs_cmd_verbs+0x1c38/0x3150 [ib_uverbs] ib_uverbs_ioctl+0x169/0x260 [ib_uverbs] __x64_sys_ioctl+0x866/0x14d0 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae

Affected products

100

osv-coords99 versions
pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%20Micro%205.3 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%20Micro%205.4 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%20Micro%205.3 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%20Micro%205.4 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%20Micro%205.3 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%20Micro%205.4 pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.5 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/kernel-default&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-livepatch-SLE15-SP4_Update_26&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4 pkg:rpm/suse/kernel-livepatch-SLE15-SP5-RT_Update_14&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_13&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-source&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/kernel-source&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-syms&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/kernel-syms&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Manager%20Server%204.3
< 5.14.21-150500.55.62.1+ 98 more
- (no CPE)range: < 5.14.21-150500.55.62.1
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.33.51.1
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.55.62.2.150500.6.27.2
- (no CPE)range: < 5.14.21-150400.24.119.1.150400.24.56.1
- (no CPE)range: < 5.14.21-150400.24.119.1.150400.24.56.1
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.55.62.1
- (no CPE)range: < 5.14.21-150500.13.52.1
- (no CPE)range: < 5.14.21-150500.13.52.1
- (no CPE)range: < 5.14.21-150400.15.79.1
- (no CPE)range: < 5.14.21-150400.15.79.1
- (no CPE)range: < 5.14.21-150500.33.51.1
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.13.52.1
- (no CPE)range: < 5.14.21-150500.33.51.1
- (no CPE)range: < 5.14.21-150500.55.62.1
- (no CPE)range: < 5.14.21-150500.13.52.1
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150500.33.51.1
- (no CPE)range: < 5.14.21-150400.24.119.1.150400.24.56.1
- (no CPE)range: < 5.14.21-150400.24.119.1.150400.24.56.1
- (no CPE)range: < 5.14.21-150400.24.119.1.150400.24.56.1
- (no CPE)range: < 5.14.21-150400.24.119.1.150400.24.56.1
- (no CPE)range: < 5.14.21-150500.55.62.2.150500.6.27.2
- (no CPE)range: < 5.14.21-150500.55.62.2.150500.6.27.2
- (no CPE)range: < 5.14.21-150400.24.119.1.150400.24.56.1
- (no CPE)range: < 5.14.21-150400.24.119.1.150400.24.56.1
- (no CPE)range: < 5.14.21-150400.24.119.1.150400.24.56.1
- (no CPE)range: < 5.14.21-150400.24.119.1.150400.24.56.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 1-150400.9.3.1
- (no CPE)range: < 1-150500.11.5.1
- (no CPE)range: < 1-150500.11.3.2
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150500.13.52.1
- (no CPE)range: < 5.14.21-150400.15.79.1
- (no CPE)range: < 5.14.21-150400.15.79.1
- (no CPE)range: < 5.14.21-150500.13.52.1
- (no CPE)range: < 5.14.21-150500.13.52.1
- (no CPE)range: < 5.14.21-150500.33.51.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.15.79.1
- (no CPE)range: < 5.14.21-150400.15.79.1
- (no CPE)range: < 5.14.21-150500.13.52.1
- (no CPE)range: < 5.14.21-150500.13.52.1
- (no CPE)range: < 5.14.21-150500.33.51.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150500.55.62.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150500.13.52.1
- (no CPE)range: < 5.14.21-150500.55.62.2
- (no CPE)range: < 5.14.21-150400.24.119.1
- (no CPE)range: < 5.14.21-150400.24.119.1
Linux/Linuxcpe-rescue
Range: 5.15

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000