Linux Kernel RDMA/iWARP RoCEv2 Invalid Context Sleep Vulnerability

Vulnerability

A vulnerability in the Linux kernel's RDMA/irdma component can lead to a kernel panic. The issue arises when the qos_mutex is held to manage RoCEv2 Queue Pair events, causing a conflict by invoking a sleeping function in an inappropriate context. This problem can be resolved by eliminating the RoCEv2 handling in the 'irdma_cm_teardown_connections' function, which currently relies on the mutex. The RoCEv2 management is unnecessary and potentially harmful, as it can disrupt connection stability during link outages or IP address changes.

Impact

The vulnerability can cause a kernel panic, disrupting system operations and potentially leading to a denial of service.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel RDMA/iWARP RoCEv2 Invalid Context Sleep Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating