Race condition with mlx5_ib_invalidate_range() during create and destroy
Issue
- IB Infiniband RDMA mlx5_ib is freeing a kmalloc-512 cache that it does not own causing memory corruption
- There is a possible use-after-free in dereg_mr() function that can lead to memory corruption by wrongly releasing an MR that was already released.
Environment
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.