Linux Kernel RDMA/hfi1 Use-After-Free Vulnerability in Memory Management

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's RDMA/hfi1 component. This issue arises under certain conditions, such as during an MPI_Abort, when the hfi1 cleanup process may prematurely release the last reference to a task's memory management structure. As a result, a new task could allocate the memory structure while it is still in use, leading to various problems. One consequence is the corruption of the memory management semaphore counter, causing a deadlock during write operations. Additionally, this vulnerability can corrupt a memory management structure that another task is actively using.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, causing memory corruption. This can disrupt the normal operation of the kernel, potentially leading to a deadlock situation or other unpredictable behavior.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel RDMA/hfi1 Use-After-Free Vulnerability in Memory Management

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating