Daniel Vacek

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.18.0-372.75.1.el8 6 **Description** The vulnerability is related to the IB/ipoib component of the Linux kernel. It occurs when the `priv->lock` is released while iterating the `priv->multicast list` in `ipoib mcast join task()`, allowing `ipoib mcast dev flush()` to remove items during iteration. If the mcast is removed while the lock is dropped, the for loop spins forever, resulting in a hard lockup. This issue can be fixed by keeping the lock held and changing to GFP ATOMIC to prevent eventual sleeps. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the fix for the IB/ipoib component, specifically the patch that addresses the mcast list locking issue. As a temporary workaround, consider disabling the `ipoib mcast join task()` function until a patch is available. However, this may have unintended consequences and should be carefully evaluated before implementation.