Akiva Goldberger

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the net/mlx5 component of the Linux kernel, where a use-after-free vulnerability occurs when a firmware completion arrives while the device is in an internal error state. This can lead to a potential execution of arbitrary code or denial of service. The vulnerability is caused by the `cmd ent put` function and the `mlx5 cmd comp handler` function, which are part of the `mlx5 core` module. The kernel log indicates a `refcount t` underflow and use-after-free error. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.