Use After Free Affecting kernel-ipaclones-internal package, versions *


Severity

Recommended
0.0
medium
0
10

Based on Red Hat Enterprise Linux security rating.

Threat Intelligence

EPSS
0.05% (18th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Use After Free vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-RHEL8-KERNELIPACLONESINTERNAL-6336655
  • published29 Feb 2024
  • disclosed28 Feb 2024

Introduced: 28 Feb 2024

CVE-2021-47012  (opens in a new tab)
CWE-416  (opens in a new tab)

How to fix?

There is no fixed version for RHEL:8 kernel-ipaclones-internal.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-ipaclones-internal package and not the kernel-ipaclones-internal package as distributed by RHEL. See How to fix? for RHEL:8 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

RDMA/siw: Fix a use after free in siw_alloc_mr

Our code analyzer reported a UAF.

In siw_alloc_mr(), it calls siw_mr_add_mem(mr,..). In the implementation of siw_mr_add_mem(), mem is assigned to mr->mem and then mem is freed via kfree(mem) if xa_alloc_cyclic() failed. Here, mr->mem still point to a freed object. After, the execution continue up to the err_out branch of siw_alloc_mr, and the freed mr->mem is used in siw_mr_drop_mem(mr).

My patch moves "mr->mem = mem" behind the if (xa_alloc_cyclic(..)<0) {} section, to avoid the uaf.

CVSS Scores

version 3.1