CVE-2021-47615

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the RDMA/mlx5 component in the Linux kernel. Specifically, for the case of IB MR TYPE DM, the mr does not have a umem, even though it is a user MR. This causes the function mlx5 free priv descs() to think that it is a kernel MR, leading to wrongly accessing mr->descs that will get wrong values in the union, which leads to an attempt to release resources that were not allocated in the first place. The problem is fixed by reorganizing the dereg flow and mlx5 ib mr structure. The ib umem field is moved into the user MRs structure in the union, as it's applicable only there. The function mlx5 ib dereg mr() will now call mlx5 free priv descs() only in case there isn't udata, which indicates that this isn't a user MR.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.