CVE-2024-47750

RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 Currently rsv_qp is freed before ib_unregister_device() is called on HIP08. During the time interval, users can still dereg MR and rsv_qp will be used in this process, leading to a UAF. Move the release of rsv_qp after calling ib_unregister_device() to fix it.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/2ccf1c75d39949d8ea043d04a2e92d7100ea723d patch
https://git.kernel.org/stable/c/d2d9c5127122745da6e887f451dd248cfeffca33 patch
https://git.kernel.org/stable/c/dac2723d8bfa9cf5333f477741e6e5fa1ed34645 patch
https://git.kernel.org/stable/c/60595923371c2ebe7faf82536c47eb0c967e3425 patch
https://git.kernel.org/stable/c/fd8489294dd2beefb70f12ec4f6132aeec61a4d0 patch

Frequently Asked Questions

What is the severity of CVE-2024-47750?
CVE-2024-47750 has been scored as a high severity vulnerability.
How to fix CVE-2024-47750?
To fix CVE-2024-47750, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-47750 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-47750 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-47750?
CVE-2024-47750 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.