Linux Kernel RDMA/Irdma Stack Memory Leak Vulnerability in User AH Creation

A vulnerability in the Linux kernel's RDMA/Irdma subsystem has been identified, specifically in the function that creates user-level address handles. This issue involves an unintentional leak of stack memory, where four bytes of reserved memory are exposed without being properly cleared. The vulnerability arises because the reserved fields in the response structure are not initialized before the data is sent to the user, potentially allowing sensitive information to be disclosed.

Impact

Exploitation of this vulnerability leads to an unintentional disclosure of stack memory, which could contain sensitive information.

Reproduction

The vulnerability can be reproduced by calling the 'irdma_create_user_ah' function in the 'verbs.c' file of the RDMA/Irdma driver. This function will leak four bytes of stack memory through the 'rsvd' field of the 'irdma_create_ah_resp' structure, which is not cleared before the response is sent to the user.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.