Douglas Miller

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A issue in the Linux kernel has been identified where the hfi1 module, when loaded with HFI1 CAP SDMA off, can cause a panic due to a NULL pointer dereference in the hfi1 write iter() function. This occurs through a sequence of function calls including sdma select user engine, hfi1 user sdma process request, and ultimately hfi1 write iter. The problem arises when the SDMA is disabled, leading to the panic. **Recommendations** To resolve this issue, test for SDMA in the hfi1 write iter() function and fail the I/O with EINVAL when SDMA is disabled.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A use-after-free bug has been identified in the Linux kernel, specifically in the hfi1 cleanup code. Under certain conditions, such as MPI Abort, the last reference to the task mm may be dropped, allowing the mm to be freed before its final use. This can lead to problems, including corruption of the mmap sem counter, resulting in a hang, or corruption of an mm struct that is in use by another task. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.