CVE-2021-47196

Name of the Vulnerable Software and Affected Versions Linux kernel version 5.15.0

Description The vulnerability is related to a use-after-free error in the create qp function. This issue can be exploited to potentially elevate privileges in the system. The error occurs when the create qp function is called and the QP creation fails, leading to a path where the QP destroy function is called, which relies on proper CQ pointers. The vulnerability is identified by the KASAN (Kernel Address Sanitizer) tool.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, ensure that the RDMA/core component is updated to set send and receive CQ before forwarding to the driver, and that the create qp function is modified to properly handle QP creation failures.

Note: The provided information does not specify the exact version that includes the fix, so it is recommended to update to the latest available version of the Linux kernel.

As a temporary workaround, consider disabling the create qp function until a patch is available. However, this may have significant performance implications and should be carefully evaluated before implementation.

At the moment, there is no information about a newer version that contains a fix for this vulnerability, so the above recommendations are based on the information provided.