Junxian Huang

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A NULL pointer dereference issue has been resolved in the Linux kernel. The issue is related to the `hns roce map mr sg()` function, where the `ib map mr sg()` function allows ULPs to specify NULL as the `sg offset` argument. The driver needs to check whether it is a NULL pointer before dereferencing it. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the RDMA/hns module in the Linux kernel, where the refcount of CQ is not protected by locks. When CQ asynchronous events and CQ destruction are concurrent, CQ may have been released, which will cause a use-after-free (UAF) condition. This can be exploited to impact the confidentiality, integrity, and availability of protected information. The vulnerability is fixed by using the xa lock() to protect the CQ refcount. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.