The vulnerability occurs in the RDMA/mlx5 driver of the Linux kernel, specifically when creating an ODP (On-Demand Paging) Memory Region (MR). The ODP xarray is never initialized, which leads to a page fault and a subsequent crash.
Normally this missing initialization would be hidden by zero-fill, but an errant assignment to `desc_size` in `reg_create()` exposes it: the crash occurs when `mlx5_ib_dereg_mr` dereferences the invalid address `0000000800000000`.
The fix adds the missing xarray initialization and removes the `desc_size` assignment. The issue was introduced in kernel version 5.13 with commit `a639e66703ee` and fixed in 5.14.16 with commit `5f6995295f65` and in 5.15 with commit `5508546631a0`.
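The failure pattern described above, as an added example that is not kernel code: a container that is left uninitialized appears to work only because the enclosing object was zero-filled, until an unrelated write to an overlapping field plants a non-NULL value that teardown then follows. The `struct toy_xa`, `struct toy_mr`, the union overlay of `desc_size` on the ODP container, and the return codes are all assumptions made for this model (the page does not state the real `mlx5_ib_mr` layout); the constructed value written to `desc_size` echoes the fault address quoted above and the build is assumed to be 64-bit.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-in for a kernel xarray: head is NULL when empty.
 * toy_xa_init() plays the role of xa_init(). */
struct toy_xa {
    void *head;
};

static void toy_xa_init(struct toy_xa *xa)
{
    xa->head = NULL;
}

/* Teardown follows head; a garbage non-NULL head would be a wild
 * dereference, which this model reports as -1 instead of crashing. */
static int toy_xa_destroy(struct toy_xa *xa)
{
    if (xa->head != NULL)
        return -1;      /* models the page fault on an invalid address */
    return 0;
}

/* Hypothetical MR layout (assumption): desc_size overlays the ODP
 * container, so a write to desc_size clobbers the container's head. */
struct toy_mr {
    union {
        struct toy_xa odp;           /* used by ODP MRs */
        unsigned long long desc_size; /* used by other MR kinds */
    };
};

enum {
    INIT_ODP      = 1,  /* the fix: explicitly initialize the container */
    SET_DESC_SIZE = 2,  /* the errant assignment the fix removes */
};

/* Models reg_create() followed by dereg. Returns 0 on clean teardown,
 * -1 when teardown would dereference garbage, -2 on allocation failure. */
static int create_and_dereg(int flags)
{
    struct toy_mr *mr = calloc(1, sizeof(*mr)); /* zero-fill, like kzalloc */
    int rc;

    if (!mr)
        return -2;

    if (flags & SET_DESC_SIZE)
        mr->desc_size = 0x800000000ULL; /* constructed; echoes the fault address */

    if (flags & INIT_ODP)
        toy_xa_init(&mr->odp);

    rc = toy_xa_destroy(&mr->odp);
    free(mr);
    return rc;
}

int main(void)
{
    /* Zero-fill alone hides the missing init. */
    printf("no init, no desc_size write : %d\n", create_and_dereg(0));
    /* The errant write exposes it. */
    printf("no init, desc_size written  : %d\n", create_and_dereg(SET_DESC_SIZE));
    /* The fix: initialize, and drop the desc_size write. */
    printf("init, no desc_size write    : %d\n", create_and_dereg(INIT_ODP));
    return 0;
}
```

The lesson for reviewers is in the first two calls: a latent missing initialization passes every test until some later, unrelated change touches the same bytes, so an explicit initializer is the check to insist on rather than reliance on zeroed allocation.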