In the Linux kernel, the following vulnerability has been resolved:
RDMA/qedr: Fix qedrcreateuser_qp error flow
Avoid the following warning by making sure to free the allocated resources in case that qedrinituser_queue() fail.
-----------[ cut here ]----------- WARNING: CPU: 0 PID: 143192 at drivers/infiniband/core/rdmacore.c:874 uverbsdestroyufilehw+0xcf/0xf0 [ibuverbs] Modules linked in: tls targetcoreuser uio targetcorepscsi targetcorefile targetcoreiblock ibsrpt ibsrp scsitransportsrp nfsd nfsacl rpcsecgsskrb5 authrpcgss nfsv4 dnsresolver nfs lockd grace fscache netfs 8021q garp mrp stp llc ext4 mbcache jbd2 opavnic ibumad ibipoib sunrpc rdmaucm ibisert iscsitargetmod targetcoremod ibiser libiscsi scsitransportiscsi rdmacm iwcm ibcm hfi1 intelraplmsr intelraplcommon mgag200 qedr sbedac drmshmemhelper rdmavt x86pkgtempthermal drmkmshelper intelpowerclamp ibuverbs coretemp i2calgobit kvmintel dellwmidescriptor ipmissif sparsekeymap kvm ibcore rfkill syscopyarea sysfillrect video sysimgblt irqbypass ipmisi ipmidevintf fbsysfops rapl iTCOwdt mxmwmi iTCOvendorsupport intelcstate pcspkr dcdbas inteluncore ipmimsghandler lpcich acpipowermeter meime mei fuse drm xfs libcrc32c qede sdmod ahci libahci t10pi sg crct10difpclmul crc32pclmul crc32cintel qed libata tg3 ghashclmulniintel megaraidsas crc8 wmi [last unloaded: ibsrpt] CPU: 0 PID: 143192 Comm: firdmtaggedp Kdump: loaded Not tainted 5.14.0-408.el9.x8664 #1 Hardware name: Dell Inc. PowerEdge R430/03XKDV, BIOS 2.14.0 01/25/2022 RIP: 0010:uverbsdestroyufilehw+0xcf/0xf0 [ibuverbs] Code: 5d 41 5c 41 5d 41 5e e9 0f 26 1b dd 48 89 df e8 67 6a ff ff 49 8b 86 10 01 00 00 48 85 c0 74 9c 4c 89 e7 e8 83 c0 cb dd eb 92 <0f> 0b eb be 0f 0b be 04 00 00 00 48 89 df e8 8e f5 ff ff e9 6d ff RSP: 0018:ffffb7c6cadfbc60 EFLAGS: 00010286 RAX: ffff8f0889ee3f60 RBX: ffff8f088c1a5200 RCX: 00000000802a0016 RDX: 00000000802a0017 RSI: 0000000000000001 RDI: ffff8f0880042600 RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 R10: ffff8f11fffd5000 R11: 0000000000039000 R12: ffff8f0d5b36cd80 R13: ffff8f088c1a5250 R14: ffff8f1206d91000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8f11d7c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000147069200e20 CR3: 00000001c7210002 CR4: 00000000001706f0 Call Trace: <TASK> ? showtraceloglvl+0x1c4/0x2df ? showtraceloglvl+0x1c4/0x2df ? ibuverbsclose+0x1f/0xb0 [ibuverbs] ? uverbsdestroyufilehw+0xcf/0xf0 [ibuverbs] ? _warn+0x81/0x110 ? uverbsdestroyufilehw+0xcf/0xf0 [ibuverbs] ? reportbug+0x10a/0x140 ? handlebug+0x3c/0x70 ? excinvalidop+0x14/0x70 ? asmexcinvalidop+0x16/0x20 ? uverbsdestroyufilehw+0xcf/0xf0 [ibuverbs] ibuverbsclose+0x1f/0xb0 [ibuverbs] _fput+0x94/0x250 taskworkrun+0x5c/0x90 doexit+0x270/0x4a0 dogroupexit+0x2d/0x90 getsignal+0x87c/0x8c0 archdosignalorrestart+0x25/0x100 ? ibuverbsioctl+0xc2/0x110 [ibuverbs] exittousermodeloop+0x9c/0x130 exittousermodeprepare+0xb6/0x100 syscallexittousermode+0x12/0x40 dosyscall64+0x69/0x90 ? syscallexitwork+0x103/0x130 ? syscallexittousermode+0x22/0x40 ? dosyscall64+0x69/0x90 ? syscallexitwork+0x103/0x130 ? syscallexittousermode+0x22/0x40 ? dosyscall64+0x69/0x90 ? dosyscall64+0x69/0x90 ? commoninterrupt+0x43/0xa0 entrySYSCALL64afterhwframe+0x72/0xdc RIP: 0033:0x1470abe3ec6b Code: Unable to access opcode bytes at RIP 0x1470abe3ec41. RSP: 002b:00007fff13ce9108 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: fffffffffffffffc RBX: 00007fff13ce9218 RCX: 00001470abe3ec6b RDX: 00007fff13ce9200 RSI: 00000000c0181b01 RDI: 0000000000000004 RBP: 00007fff13ce91e0 R08: 0000558d9655da10 R09: 0000558d9655dd00 R10: 00007fff13ce95c0 R11: 0000000000000246 R12: 00007fff13ce9358 R13: 0000000000000013 R14: 0000558d9655db50 R15: 00007fff13ce9470 </TASK> --[ end trace 888a9b92e04c5c97 ]--