It was found that the net_dma code in tcp_recvmsg() in the RHEL6 kernel is thread-unsafe. An unprivileged multi-threaded userspace application that calls recvmsg() on the same network socket in parallel, running on ioatdma-enabled hardware with net_dma enabled, can leak memory, crash the host (leading to a denial of service), or cause random memory corruption.

References:
https://seclists.org/oss-sec/2019/q2/7
https://bugs.openvz.org/browse/OVZ-7080

An upstream fix:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77873803363c
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7bced397510a

Acknowledgements: Name: Vasily Averin (Virtuozzo Kernel Team)