Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hns_roce_qp_remove() Sashiko points out that hns_roce_qp_remove() requires the caller to hold locks. The error flow in hns_roce_create_qp_common() doesn't hold those locks for the error unwind so it risks corrupting memory. Grab the same locks the other two callers use.
Product status
e088a685eae94a0607b8f7b99949a0e14d748813 (git) before 1f0a3aa8b569d010316b427238222c5d899f9618
e088a685eae94a0607b8f7b99949a0e14d748813 (git) before b6296ff2475fc95ee6ea1b528c4b385302808186
e088a685eae94a0607b8f7b99949a0e14d748813 (git) before fb4ae739811d467409bd07d0e36cfd4140f3d26a
e088a685eae94a0607b8f7b99949a0e14d748813 (git) before fcf6a832c0d5b2bc5398d6996c5570d3ee7993fb
e088a685eae94a0607b8f7b99949a0e14d748813 (git) before 1912f78798505dc9c637081bbddfbf1c22494c49
e088a685eae94a0607b8f7b99949a0e14d748813 (git) before 615d9d260c32bb678504ca96f29ae46f9d745155
e088a685eae94a0607b8f7b99949a0e14d748813 (git) before 0c99acbc8b6c6dd526ae475a48ee1897b61072fb
4.17
Any version before 4.17
5.15.209 (semver)
6.1.175 (semver)
6.6.140 (semver)
6.12.88 (semver)
6.18.30 (semver)
7.0.7 (semver)
7.1-rc3 (original_commit_for_fix)
References
git.kernel.org/...c/1f0a3aa8b569d010316b427238222c5d899f9618
git.kernel.org/...c/b6296ff2475fc95ee6ea1b528c4b385302808186
git.kernel.org/...c/fb4ae739811d467409bd07d0e36cfd4140f3d26a
git.kernel.org/...c/fcf6a832c0d5b2bc5398d6996c5570d3ee7993fb
git.kernel.org/...c/1912f78798505dc9c637081bbddfbf1c22494c49
git.kernel.org/...c/615d9d260c32bb678504ca96f29ae46f9d745155
git.kernel.org/...c/0c99acbc8b6c6dd526ae475a48ee1897b61072fb