Linux Kernel RDMA Memory Leak Vulnerability in Connection Manager

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's RDMA connection manager. The issue arises in the 'ib_cm_insert_listen' function, where resources allocated for 'cm_id_priv' are not properly freed if 'cm_init_listen' fails. This oversight leads to a memory leak, as the allocated resources remain unreturned. The vulnerability has been addressed by adding the necessary error handling to prevent the memory leak.

Impact

Exploitation of this vulnerability leads to a memory leak, causing increased memory usage over time, which could potentially degrade system performance or exhaust available memory resources.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel RDMA Memory Leak Vulnerability in Connection Manager

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating