Mike Marciniszyn

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a NULL pointer dereference in the IB/hfi1 component of the Linux kernel. An early failure in `hfi1 ipoib setup rn()` can lead to a panic due to a NULL dereference when `hfi1 ipoib netdev dtor()` is called. The functions `hfi1 ipoib txreq init()` and `hfi1 ipoib rxq init()` are self-unwinding, and the fix involves adjusting the error paths accordingly. Other changes include deleting `hfi1 ipoib free rdma netdev()` and moving the switch to accelerated entrances to the success path. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a leak of the `rcvhdrtail dummy kvaddr` buffer in the IB/hfi1 component of the Linux kernel. This leak occurs when the `reinit` path overwrites the old allocation, causing it to be lost. The vulnerability allows an attacker to potentially gain access to confidential information. The fix involves moving the allocation of the buffer to `hfi1 alloc devdata()` and the deallocation to `hfi1 free devdata()`. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue occurs when the ipoib send queue size is increased from the default, causing a panic. The problem happens because the shift that should have been a function of the txq item size mistakenly used the ring size. The fix involves using the item size instead of the ring size. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.