The Linux kernel is vulnerable to a memory leak in the RDMA (Remote Direct Memory Access) subsystem, specifically in the `rdma_resolve_route()` function. This function can be called multiple times on the same `rdma_cm_id` if `cma_query_handler()` triggers the `RDMA_CM_EVENT_ROUTE_ERROR` flow, which puts the state machine back and allows `rdma_resolve_route()` to be called again.
The leak occurs because `rdma_resolve_route()` allocates memory on each call and does not release the earlier allocation when it is called again on the same `rdma_cm_id`. This can lead to a gradual increase in memory usage over time, potentially causing performance issues or even crashes.
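The repeated-call pattern described above, as an added userspace C model (not kernel code and not taken from the fix commits). The structure, the function names and the fixed-size pool are hypothetical, and reusing the existing buffer in the hardened variant is an assumed remediation shown for illustration.

```c
#include <stdio.h>
/* Userspace model; every name here is hypothetical, not a kernel identifier. */
enum cm_state { ADDR_RESOLVED, ROUTE_QUERY };
struct cm_id_model { enum cm_state state; void *route_buf; };
#define SLOTS 8
static char pool[SLOTS][64];   /* fixed pool stands in for kernel memory */
static int in_use[SLOTS];
static void *pool_alloc(void)
{
    for (int i = 0; i < SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool[i]; }
    return NULL;               /* pool exhausted */
}
static void pool_free(void *p)
{
    for (int i = 0; i < SLOTS; i++) if (p == (void *)pool[i]) in_use[i] = 0;
}
/* Pre-fix pattern: each call allocates and overwrites the old pointer. */
static int resolve_leaky(struct cm_id_model *id)
{
    if (id->state != ADDR_RESOLVED) return -1;
    if (!(id->route_buf = pool_alloc())) return -1;
    id->state = ROUTE_QUERY;
    return 0;
}
/* Hardened pattern (assumed): reuse the buffer left by an earlier attempt. */
static int resolve_fixed(struct cm_id_model *id)
{
    if (id->state != ADDR_RESOLVED) return -1;
    if (!id->route_buf && !(id->route_buf = pool_alloc())) return -1;
    id->state = ROUTE_QUERY;
    return 0;
}
/* Run resolve/error cycles, destroy the id, return slots still held. */
static int leaked_after(int (*resolve)(struct cm_id_model *), int attempts)
{
    struct cm_id_model id = { ADDR_RESOLVED, NULL };
    int leaked = 0;
    for (int i = 0; i < attempts; i++)
        if (resolve(&id) == 0) id.state = ADDR_RESOLVED; /* error flow */
    pool_free(id.route_buf);   /* destroy frees only the last pointer */
    for (int i = 0; i < SLOTS; i++) { leaked += in_use[i]; in_use[i] = 0; }
    return leaked;
}
int main(void)
{
    printf("leaky=%d\n", leaked_after(resolve_leaky, 5));
    printf("fixed=%d\n", leaked_after(resolve_fixed, 5));
    return 0;
}
```

In the leaky variant every retry after a route error strands one slot, and once the pool is exhausted no further resolve can succeed, which is the model's analogue of the gradual memory growth described above.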
The affected file is `drivers/infiniband/core/cma.c`. The vulnerability has been fixed in various kernel versions, including 4.4.276, 4.9.276, 4.14.240, 4.19.198, 5.4.133, 5.10.51, 5.12.18, and 5.13.3. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue.
Individual changes to fix this issue can be found in the corresponding commits, which are listed in the mitigation section. However, cherry-picking individual commits is not recommended or supported by the Linux kernel community.