CVE-2021-47012
Published: Feb 28, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix a use after free in siw_alloc_mr Our code analyzer reported a UAF. In siw_alloc_mr(), it calls siw_mr_add_mem(mr,..). In the implementation of siw_mr_add_mem(), mem is assigned to mr->mem and then mem is freed via kfree(mem) if xa_alloc_cyclic() failed. Here, mr->mem still point to a freed object. After, the execution continue up to the err_out branch of siw_alloc_mr, and the freed mr->mem is used in siw_mr_drop_mem(mr). My patch moves "mr->mem = mem" behind the if (xa_alloc_cyclic(..)<0) {} section, to avoid the uaf.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 2251334dcac9eb337575d8767e2a6a7e81848f7f - < 30b9e92d0b5e5d5dc1101ab856c17009537cbca4affected 2251334dcac9eb337575d8767e2a6a7e81848f7f - < 608a4b90ece039940e9425ee2b39c8beff27e00caffected 2251334dcac9eb337575d8767e2a6a7e81848f7f - < 3e22b88e02c194f6c80867abfef5cc09383461f4affected 2251334dcac9eb337575d8767e2a6a7e81848f7f - < ad9ce7188432650469a6c7625bf479f5ed0b6155affected 2251334dcac9eb337575d8767e2a6a7e81848f7f - < 3093ee182f01689b89e9f8797b321603e5de4f63 |
Linux | Linux | affected 5.3unaffected 0 - < 5.3unaffected 5.4.119 - <= 5.4.*unaffected 5.10.37 - <= 5.10.*unaffected 5.11.21 - <= 5.11.*+2 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now