A flaw was found in Linux Kernel in the ucma_leave_multicast() function in drivers/infiniband/core/ucma.c which allows to access a certain data structure after freeing it in ucma_process_join(). This allows an attacker to cause use-after-free bug and to induce kernel memory corruption, leading to a system crash or other unspecified impact. References: https://marc.info/?t=152787806300002&r=1&w=2 https://patchwork.kernel.org/patch/10444267/ An upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb2595c1393b4a5211534e6f0a0fbad369e21ad8
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1611007]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:0831 https://access.redhat.com/errata/RHSA-2019:0831
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2029
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2043