A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to set up a socket to listen on a high port, allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.
Investigation is ongoing for this issue to qualify it better than I currently understand it.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2032068]
Is this issue known to upstream, and is there an upstream fix? I'm trying to properly track this CVE in Debian, but was unable to isolate an upstream commit relating to it. Possible to share information on the CVE in question?
Is the assessment from https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0 correct?
This was fixed for Fedora with the 5.14.10 stable kernel updates.
Added 2032070 to depends list.
Created oVirt tracking bug for this issue: Affects: oVirt Node 4.4 [2056588]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0590 https://access.redhat.com/errata/RHSA-2022:0590
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0629 https://access.redhat.com/errata/RHSA-2022:0629
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0636 https://access.redhat.com/errata/RHSA-2022:0636
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0771 https://access.redhat.com/errata/RHSA-2022:0771
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0772 https://access.redhat.com/errata/RHSA-2022:0772
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0777 https://access.redhat.com/errata/RHSA-2022:0777
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0823 https://access.redhat.com/errata/RHSA-2022:0823
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0851 https://access.redhat.com/errata/RHSA-2022:0851
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0958 https://access.redhat.com/errata/RHSA-2022:0958
Sadly, I couldn't make trackers for a product when the tool would not make trackers at the time. I am kinda confused how it made the other current stream and not 8.7 GA.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:1185 https://access.redhat.com/errata/RHSA-2022:1185
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:1198 https://access.redhat.com/errata/RHSA-2022:1198
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:1199 https://access.redhat.com/errata/RHSA-2022:1199
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2022:1263 https://access.redhat.com/errata/RHSA-2022:1263
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support; Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions; Red Hat Enterprise Linux 7.7 Telco Extended Update Support. Via RHSA-2022:1324 https://access.redhat.com/errata/RHSA-2022:1324
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions Via RHSA-2022:1373 https://access.redhat.com/errata/RHSA-2022:1373
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1535 https://access.redhat.com/errata/RHSA-2022:1535
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1555 https://access.redhat.com/errata/RHSA-2022:1555
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1550 https://access.redhat.com/errata/RHSA-2022:1550
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Via RHSA-2022:2189 https://access.redhat.com/errata/RHSA-2022:2189
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Via RHSA-2022:2188 https://access.redhat.com/errata/RHSA-2022:2188
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Advanced Update Support; Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions; Red Hat Enterprise Linux 7.6 Telco Extended Update Support. Via RHSA-2022:2186 https://access.redhat.com/errata/RHSA-2022:2186
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions Via RHSA-2022:2211 https://access.redhat.com/errata/RHSA-2022:2211
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2022:4896 https://access.redhat.com/errata/RHSA-2022:4896
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-4028