Linux · Linux Kernel · CVE-2024-26743
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 5.14.0-408.el9.x86_64
Description:
The vulnerability is related to the RDMA/qedr component of the Linux kernel. It is caused by an error in the `qedr_create_user_qp()` function, which can lead to a denial of service. The issue arises when the `qedr_init_user_queue()` function fails, and the allocated resources are not properly freed. This can cause a warning and potentially lead to a system crash. The vulnerability is identified by the function names `qedr_create_user_qp()` and `qedr_init_user_queue()`, and the `uverbs_destroy_ufile_hw()` function is also involved.
Recommendations:
To resolve this issue, update the Linux kernel to a version that includes the fix for the RDMA/qedr error flow, ensuring that the allocated resources are properly freed in case of a failure in the `qedr_init_user_queue()` function. As a temporary workaround, consider disabling the `qedr_create_user_qp()` function until a patch is available.
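
A host triage check for the version boundary given above, as an added example that is not part of the original advisory. The function names are hypothetical, and the script assumes the `5.14.0-408.el9` build number is the only threshold, so vendor backports to earlier minor-release streams are not accounted for.

```sh
#!/bin/sh
# Added example: triage a host against the advisory's version boundary.
# Assumption: only RHEL 9 style release strings (5.14.0-<build>.el9*) are
# comparable; anything else is reported as "unknown".
FIXED_BUILD=408   # from "5.14.0-408.el9" in the advisory text

# el9_kernel_status RELEASE -> prints affected | fixed | unknown
el9_kernel_status() {
    rel=$1
    case $rel in
        5.14.0-*.el9*) ;;
        *) echo unknown; return 0 ;;
    esac
    build=${rel#5.14.0-}      # e.g. "362.8.1.el9_3.x86_64"
    build=${build%%.*}        # e.g. "362"
    case $build in
        ''|*[!0-9]*) echo unknown; return 0 ;;   # non-numeric build field
    esac
    if [ "$build" -lt "$FIXED_BUILD" ]; then echo affected; else echo fixed; fi
}

# qedr_loaded MODULE_LIST -> prints yes | no
# MODULE_LIST is text in /proc/modules format (module name is the first field).
qedr_loaded() {
    if printf '%s\n' "$1" | grep -q '^qedr '; then echo yes; else echo no; fi
}

# qedr_triage RELEASE MODULE_LIST -> prints one summary word
qedr_triage() {
    status=$(el9_kernel_status "$1")
    loaded=$(qedr_loaded "$2")
    case "$status/$loaded" in
        affected/yes) echo exposed ;;                 # old kernel, driver in use
        affected/no)  echo affected-driver-not-loaded ;;
        fixed/*)      echo fixed ;;
        *)            echo unknown ;;                 # check the vendor advisory
    esac
}

# Report for the local host; a missing /proc/modules is treated as empty.
qedr_triage "$(uname -r)" "$(cat /proc/modules 2>/dev/null)"
```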