CVE-2024-47696

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58

Description The issue is related to a use-after-free vulnerability in the Linux kernel's RDMA/iwcm component. This vulnerability can lead to a denial of service. The problem arises when the function flush workqueue is invoked to flush the work queue iwcm wq, which was created without the flag WQ MEM RECLAIM. This can cause a deadlock if the current process is reclaiming memory or running on a workqueue without the WQ MEM RECLAIM flag. Technical details include the involvement of functions such as destroy cm id and flush workqueue, and variables like iwcm wq.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.58 or later. As a temporary workaround, consider restricting access to the vulnerable iwcm module to minimize the risk of exploitation. Avoid using the iwcm wq work queue in critical operations until the issue is resolved.