Use After Free Vulnerability in Linux Kernel's RDMA iwcm Component
CVE-2025-38211
What is CVE-2025-38211?
The vulnerability in the Linux kernel's RDMA iwcm component is a use-after-free: references to 'cm_id_private' objects can persist after the associated 'cm_id' has been destroyed. A change that simplified 'cm_id' resource management introduced the flaw, which allows event handler works to reference freed memory, leading to potential system instability. The consequences include memory corruption and denial-of-service conditions, observed notably when running specific test cases such as 'nvme/061'. The flaw highlights the importance of rigorous resource management and the need to flush pending works during the destruction of a 'cm_id' to mitigate the associated risks.
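The pattern the description names, as an added C example that is not the kernel's code: a single-threaded model in which queued event-handler works hold a pointer to a cm_id_private-like object, and the object is destroyed either without or with draining the pending works first. All names (iw_cm_private, iw_event_work, queue_event_work, flush_event_works, destroy_cm_id_*, run_scenario) are hypothetical; the kernel's real locking and workqueue machinery is not modelled, only the ordering of destroy versus pending work.

```c
#include <stdlib.h>

/* Model-only stand-in for the kernel's cm_id_private: `freed` records that
 * the owning cm_id was destroyed, instead of actually freeing memory. */
struct iw_cm_private { int id; int freed; };
/* One queued event-handler work holding a pointer to the private object. */
struct iw_event_work { struct iw_cm_private *priv; struct iw_event_work *next; };

static struct iw_event_work *work_head;   /* pending works, FIFO order */
static int dangling_runs;                 /* works that ran after destroy */

/* Queue an event work for p (models queuing the cm event handler work). */
static void queue_event_work(struct iw_cm_private *p)
{
    struct iw_event_work *w = calloc(1, sizeof *w), **pp = &work_head;
    if (!w) return;
    w->priv = p;
    while (*pp) pp = &(*pp)->next;
    *pp = w;
}

/* Run every pending work; this is the role flushing plays in the fix. */
static void flush_event_works(void)
{
    while (work_head) {
        struct iw_event_work *w = work_head;
        work_head = w->next;
        if (w->priv->freed) dangling_runs++;   /* this access is the UAF */
        free(w);
    }
}

/* Vulnerable pattern: the cm_id is destroyed with works still queued. */
static void destroy_cm_id_unflushed(struct iw_cm_private *p) { p->freed = 1; }
/* Fixed pattern: drain pending works before the object goes away. */
static void destroy_cm_id_flushed(struct iw_cm_private *p) { flush_event_works(); p->freed = 1; }

/* Queue two works, destroy, then let the queue run. Returns how many works
 * touched the object after destruction; 0 is the safe outcome. */
int run_scenario(int flush_before_destroy)
{
    struct iw_cm_private priv = { 1, 0 };
    dangling_runs = 0;
    queue_event_work(&priv);
    queue_event_work(&priv);
    if (flush_before_destroy) destroy_cm_id_flushed(&priv);
    else destroy_cm_id_unflushed(&priv);
    flush_event_works();   /* the workqueue eventually runs the works */
    return dangling_runs;
}
```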
Affected Version(s)
Linux 59c68ac31e15ad09d2cb04734e3c8c544a95f8d4 < 3b4a50d733acad6831f6bd9288a76a80f70650ac
Linux 59c68ac31e15ad09d2cb04734e3c8c544a95f8d4 < 78381dc8a6b61c9bb9987d37b4d671b99767c4a1
Linux 59c68ac31e15ad09d2cb04734e3c8c544a95f8d4 < 23a707bbcbea468eedb398832eeb7e8e0ceafd21