In the Linux kernel, the following vulnerability has been resolved:

RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work

The cited commit fixed a crash when cma_netevent_callback was called for a cma_id while work on that id from a previous call had not yet started. The work item was re-initialized in the second call, which corrupted the work item currently in the work queue.

However, it left a problem when queue_work fails (because the item is still pending in the work queue from a previous call). In this case, cma_id_put (which is called in the work handler) is therefore not called. This results in a userspace process hang (zombie process).

Fix this by calling cma_id_put() if queue_work fails.
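As an added illustration (not code from the kernel or from the fix itself), a small userspace C model of the reference-counting pattern described above: `queue_work_model`, `cma_id_put_model` and the struct names are constructed stand-ins for the kernel functions, and a reference count that fails to return to zero stands for the reference that keeps the process hung.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: a work item that can be queued only once at a
 * time, and a refcounted id whose reference is dropped by the handler. */
struct work_item { bool pending; };

struct cma_id_model {
    int refcount;
    struct work_item work;
};

/* Mirrors the queue_work() contract: false if already queued. */
static bool queue_work_model(struct work_item *w)
{
    if (w->pending)
        return false;
    w->pending = true;
    return true;
}

static void cma_id_get_model(struct cma_id_model *id) { id->refcount++; }
static void cma_id_put_model(struct cma_id_model *id) { id->refcount--; }

/* The work handler drops the reference taken before queueing. */
static void work_handler_model(struct cma_id_model *id)
{
    id->work.pending = false;
    cma_id_put_model(id);
}

/* Netevent callback: take a reference, then try to queue the work.
 * fixed=false reproduces the leak, fixed=true the resolved behaviour. */
static void netevent_callback_model(struct cma_id_model *id, bool fixed)
{
    cma_id_get_model(id);
    if (!queue_work_model(&id->work) && fixed)
        cma_id_put_model(id); /* the fix: nobody else will drop this ref */
}

/* Two callbacks arrive before the handler runs; the second queue fails.
 * Returns the refcount left over after the single queued item executes. */
int leftover_refs(bool fixed)
{
    struct cma_id_model id = { .refcount = 0 };
    netevent_callback_model(&id, fixed);
    netevent_callback_model(&id, fixed);
    work_handler_model(&id);
    return id.refcount;
}

int main(void)
{
    printf("unfixed leftover refs: %d\n", leftover_refs(false));
    printf("fixed   leftover refs: %d\n", leftover_refs(true));
    return 0;
}
```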
No PoCs from references.
- https://github.com/w4zu/Debian_security