Linux Kernel RDMA/mlx4 RCU Misuse Vulnerability in SRQ Event Handling

Vulnerability

A vulnerability has been identified in the Linux kernel's RDMA mlx4 component, specifically in the handling of shared receive queue (SRQ) events. The issue is a misuse of the Read-Copy Update (RCU) mechanism, which can lead to crashes if events are delivered before the SRQ object is fully initialized. The radix tree lookup that finds the SRQ is RCU-safe, but the mlx4_srq structure it returns is not properly freed or accessed within RCU critical sections. The problem can be exploited by delivering an event to an SRQ that has not completed its initialization process.
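
The ordering rule behind this class of bug, shown as an added userspace C example (not the mlx4 driver's code and not the upstream fix): an object becomes visible to the event path only after every field is set, and it is unpublished before it is freed. All names here are hypothetical, and C11 atomics stand in for the kernel's RCU primitives and radix tree.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>
/* Userspace model with hypothetical names; not the mlx4 driver's code. */
struct srq_model {
    int srqn;
    void (*event)(struct srq_model *, int); /* NULL until init completes */
    int events_seen;
};

#define NSLOTS 8
/* Stands in for the driver's radix tree of published SRQs. */
static _Atomic(struct srq_model *) table[NSLOTS];
static void on_event(struct srq_model *s, int type) { (void)type; s->events_seen++; }

/* Set every field, then publish with a release store (rcu_assign_pointer()'s role). */
static void srq_publish(struct srq_model *s, int srqn)
{
    s->srqn = srqn;
    s->events_seen = 0;
    s->event = on_event;
    atomic_store_explicit(&table[srqn % NSLOTS], s, memory_order_release);
}

/* Unpublish before freeing; real RCU code must also wait for a grace period. */
static void srq_unpublish(int srqn)
{
    atomic_store_explicit(&table[srqn % NSLOTS], NULL, memory_order_release);
}

/* Event path: 0 = delivered, -1 = SRQ not published (event dropped). */
static int srq_event(int srqn, int type)
{
    struct srq_model *s = atomic_load_explicit(&table[srqn % NSLOTS], memory_order_acquire);
    if (!s || s->srqn != srqn)
        return -1;
    s->event(s, type);
    return 0;
}

int main(void)
{
    struct srq_model s = {0};
    int early = srq_event(3, 1);   /* arrives before publish: dropped */
    srq_publish(&s, 3);
    int live = srq_event(3, 1);    /* delivered to a fully initialized object */
    srq_unpublish(3);
    printf("early=%d live=%d late=%d\n", early, live, srq_event(3, 1));
}
```

An event that arrives before publication or after unpublication is dropped instead of reaching a half-built or stale object.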

Impact

Exploitation of this vulnerability can cause a system crash by delivering an event to a partially initialized SRQ object, leading to a failure in the event handling process.

Reproduction

To reproduce this vulnerability, trigger an SRQ event delivery before the corresponding SRQ object has finished initializing. This can be done by manipulating the event delivery timing in relation to the SRQ initialization process.

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version available in the Linux kernel stable tree to apply the fix.

Added: May 28, 2026, 12:13 PM
Updated: May 28, 2026, 12:13 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 9.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.