Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability exists in the Linux kernel's RDMA (Remote Direct Memory Access) subsystem, specifically in the handling of sub-device reference counts. The issue arises in the 'ib_del_sub_device_and_put()' function, which is responsible for deleting a sub IB device and managing its reference count. When a sub-device is deleted, the function checks for a parent device. If no parent is found, it should release the reference count before returning an error. However, the affected implementation returns the error without releasing it, potentially leading to memory management issues.
This vulnerability can cause improper reference count management, which may lead to memory leaks or use-after-free conditions, potentially exploitable in certain scenarios.
The vulnerability can be reproduced by adding a sub IB device through netlink, which automatically grabs a reference to the device. Then, attempt to delete the sub-device using the 'ib_del_sub_device_and_put()' function without a parent device, which will trigger the error handling path that fails to properly release the reference count.
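The error path described above, reduced to a user-space C model (an added example, not kernel source and not code from this advisory). The `struct dev` type, the `dev_get`/`dev_put` helpers, both `del_sub_and_put_*` functions and the `-EINVAL` return value are assumptions made for illustration; only the pattern, an early return that skips the put, comes from the description.

```c
/* User-space model of the missing-put error path; NOT kernel source.
 * All type and function names here are hypothetical. */
#include <errno.h>
#include <stdio.h>

struct dev {
    int refcount;          /* models the device reference count */
    struct dev *parent;    /* NULL when the sub-device has no parent */
};

static void dev_get(struct dev *d) { d->refcount++; }
static void dev_put(struct dev *d) { d->refcount--; }

/* Pattern described as vulnerable: the caller's reference is dropped on
 * success, but the early return for a missing parent skips the put. */
static int del_sub_and_put_leaky(struct dev *sub)
{
    if (!sub->parent)
        return -EINVAL;    /* error value assumed; reference still held */
    dev_put(sub);
    return 0;
}

/* Corrected pattern: every exit path drops the reference. */
static int del_sub_and_put_fixed(struct dev *sub)
{
    int ret = 0;
    if (!sub->parent)
        ret = -EINVAL;
    dev_put(sub);
    return ret;
}

/* Models the reproduction: the add path takes a reference, then delete runs
 * with no parent set. Returns the references left outstanding afterwards. */
static int refs_left_after_failed_delete(int (*del)(struct dev *))
{
    struct dev sub = { .refcount = 0, .parent = NULL };
    dev_get(&sub);         /* reference grabbed on the add path */
    (void)del(&sub);       /* error path: no parent */
    return sub.refcount;
}

int main(void)
{
    printf("leaky: %d outstanding\n", refs_left_after_failed_delete(del_sub_and_put_leaky));
    printf("fixed: %d outstanding\n", refs_left_after_failed_delete(del_sub_and_put_fixed));
    return 0;
}
```

A nonzero count after the failed delete is the leaked reference; a function whose name ends in `_and_put` is expected to drop the reference on every return path, including errors.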
The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.