Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's RDMA/cma component can cause a user space process to hang, creating a zombie process. This issue arises when the cma_netevent_callback function fails to properly manage work queue items for a cma_id, leading to a situation where the work handler does not call cma_id_put, which is necessary to prevent the process hang. The vulnerability was introduced because the work item was re-initialized before the previous call had completed, corrupting the work queue management.
The vulnerability causes a user space process to hang, resulting in a zombie process that consumes system resources without performing any useful work.
The vulnerability has been addressed by modifying the work queue management to ensure that cma_id_put is called if queue_work fails, preventing the process hang. Users should apply the latest patches available in the Linux kernel to mitigate this issue.
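A simplified user-space model of the reference accounting described above, added here as an illustration and not taken from the kernel source. The struct layouts and the `leaked_refs` helper are assumptions, re-initialisation is reduced to clearing a pending flag, and the fixed path assumes the work item is initialised once when the id is created.

```c
#include <stdbool.h>
#include <stdio.h>
/* User-space model only: names mirror the advisory, bodies are constructed. */
struct work { bool pending; };
struct cma_id { int refcount; struct work net_work; };
static void cma_id_get(struct cma_id *id) { id->refcount++; }
static void cma_id_put(struct cma_id *id) { id->refcount--; }

/* Like the kernel call: returns false when the item is already queued. */
static bool queue_work(struct work *w)
{
    bool was_pending = w->pending;
    w->pending = true;
    return !was_pending;
}

/* Before: re-initialising wipes the in-flight item, so its put never happens. */
static void netevent_before(struct cma_id *id)
{
    id->net_work.pending = false;   /* stands in for re-initialising the item */
    cma_id_get(id);
    queue_work(&id->net_work);      /* result ignored */
}

/* After: a refused queue_work hands the extra reference straight back. */
static void netevent_after(struct cma_id *id)
{
    cma_id_get(id);
    if (!queue_work(&id->net_work))
        cma_id_put(id);
}

/* Deliver `events` callbacks before the worker runs; return refs never put. */
static int leaked_refs(void (*cb)(struct cma_id *), int events)
{
    struct cma_id id = { .refcount = 1, .net_work = { .pending = false } };
    for (int i = 0; i < events; i++)
        cb(&id);
    if (id.net_work.pending)        /* worker: one handler run, one put */
        cma_id_put(&id);
    return id.refcount - 1;
}

int main(void)
{
    printf("before: %d leaked, after: %d leaked\n",
           leaked_refs(netevent_before, 3), leaked_refs(netevent_after, 3));
    return 0;
}
```

With three events delivered before the worker runs, the "before" path leaves two references that are never put, while the "after" path leaves none.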