CVE-2021-47078

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.12.0-syzkaller

Description The issue is related to the RDMA/rxe component of the Linux kernel. Specifically, the rxe qp do cleanup() function relies on valid pointer values in the QP (Queue Pair) for properly created ones. However, if rxe qp from init() fails, it fills the QP with garbage, leading to a refcount t underflow and use-after-free error. This vulnerability can cause a system crash or potentially allow an attacker to execute arbitrary code.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Ensure that all systems using the affected kernel versions are updated as soon as possible to prevent potential exploitation. Additionally, consider implementing security measures such as memory protection and access control to minimize the risk of exploitation.