Leon Romanovsky

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 5.13.0-rc1+ **Description** The vulnerability is related to RDMA/rxe, where an invalid lkey is supplied, causing a kernel panic when an atomic operation is sent with an explicitly wrong lkey. The issue arises from the missing update of WQE status in LOCAL WRITE failures. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.13.0-rc1+ **Description** A divide-by-zero error can be triggered in the Linux kernel by a user-supplied value, specifically the `user entry size`, which is used as a denominator to calculate the number of entries. When a zero value is supplied, it triggers a divide-by-zero error. The error occurs in the `ib uverbs handler UVERBS METHOD QUERY GID TABLE` function. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. As a temporary workaround, consider restricting access to the `ib uverbs handler UVERBS METHOD QUERY GID TABLE` function until a patch is available. Avoid using the `user entry size` parameter with a value of zero in the affected API endpoint until the issue is resolved.