CVE-2021-47438 is a memory leak in the error path of mlx5_core_destroy_cq(). When this function fails, it returns without completing all destroy operations, leading to a memory leak. The fix completes the destroy flow before returning the error.

Additionally, the patch moves mlx5_debug_cq_remove() to the beginning of mlx5_core_destroy_cq() to maintain symmetry with mlx5_core_create_cq(). This change is necessary because kmemleak complains about an unreferenced object in the mlx5_core module.

The affected file is drivers/net/ethernet/mellanox/mlx5/core/cq.c. The issue was introduced in kernel version 3.11 with commit e126ba97dba9, and the fix was applied in kernel versions 5.10.75, 5.14.14, and 5.15 with commits 4f7bddf8c5c0, ed8aafea4fec, and 94b960b9deff, respectively.

The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are not tested alone and cherry-picking is not supported. However, if updating is impossible, the individual changes can be found in the specified commits.
