Chunguang Xu

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a double free vulnerability in the NVMe driver of the Linux kernel. This vulnerability can occur when a discard request needs to be retried and may fail before a new special payload is added, resulting in a double free. The vulnerability is associated with the `nvme cleanup cmd()` function in the `drivers/nvme/host/core.c` module. Exploitation of this vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a reconnection failure in the Linux kernel when using NVMe over RDMA. The problem occurs due to a potential ABBA deadlock caused by tag allocation. Specifically, the `admin q` reconnect fails forever when the remote target and network are okay. This happens because the tag is held by a keep alive request waiting inside `admin q`, and the only reserved tag is held by the keep alive command. As a result, the reconnect fails. The issue is caused by the allocation of tags, where `fabric q` shares the tag set with `admin q`. To fix this issue, it is suggested to keep two reserved tags for the admin queue. **Recommendations** To resolve the issue, keep two reserved tags for the admin queue. This will prevent the reconnect failure caused by the ABBA deadlock due to tag allocation.