Impact
This flaw occurs when the RDS InfiniBand connection setup routine fails after allocating send descriptors but before allocating receive descriptors. On the error unwind path, the code frees the send descriptors but leaves the pointer to them intact. A later shutdown pass may still treat this stale pointer as a valid send ring, leading to incorrect resource deallocation and possible memory corruption or system instability. The weakness is a classic use-after-free scenario: an attacker who can force the failing setup path could trigger a kernel crash or denial of service.
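The unwind pattern described above, as an added user-space model rather than the kernel's RDS code. All names are hypothetical, the toy allocator only counts invalid frees instead of performing them, and the hardened variant assumes the remedy is to clear the pointer after freeing.

```c
#include <stdio.h>

/* Toy allocator: slots are never handed back, so a stale pointer can be
 * inspected safely and a second free is counted instead of executed. */
struct ring { int live; };
static struct ring pool[4];
static int bad_frees;                  /* frees of a ring that was not live */

static struct ring *ring_alloc(void)
{
    for (int i = 0; i < 4; i++)
        if (!pool[i].live) { pool[i].live = 1; return &pool[i]; }
    return NULL;
}
static void ring_free(struct ring *r) { if (r->live) r->live = 0; else bad_frees++; }

struct conn { struct ring *sends, *recvs; };   /* hypothetical names */

/* Setup fails after the send ring exists but before the receive ring.
 * clear_ptr = 1 selects the hardened unwind (assumed fix). */
static int conn_setup(struct conn *c, int fail_recv, int clear_ptr)
{
    if (!(c->sends = ring_alloc())) return -1;
    c->recvs = fail_recv ? NULL : ring_alloc();
    if (c->recvs) return 0;
    ring_free(c->sends);               /* unwind frees the send ring */
    if (clear_ptr) c->sends = NULL;    /* hardened: drop the stale pointer */
    return -1;
}
/* Shutdown releases whatever the pointers claim is still allocated. */
static void conn_shutdown(struct conn *c)
{
    if (c->sends) { ring_free(c->sends); c->sends = NULL; }
    if (c->recvs) { ring_free(c->recvs); c->recvs = NULL; }
}

/* Invalid frees seen for one failed setup followed by a shutdown pass. */
int stale_ring_frees(int clear_ptr)
{
    struct conn c = {0};
    bad_frees = 0;
    conn_setup(&c, 1, clear_ptr);
    conn_shutdown(&c);
    return bad_frees;
}

int main(void)
{
    printf("stale: %d, cleared: %d\n", stale_ring_frees(0), stale_ring_frees(1));
    return 0;
}
```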
Affected Systems
The vulnerability affects the Linux kernel's RDS (Reliable Datagram Sockets) transport layer. Any Linux distribution that ships a kernel predating the fix commits listed in the CVE references is potentially vulnerable. The patch is part of the mainline kernel, so all generic Linux installations (e.g., Ubuntu, Debian, Red Hat, Fedora, CentOS) are impacted until they upgrade to a kernel that includes the fix.
Risk and Exploitability
No public CVSS or EPSS score or KEV listing is provided, but the issue involves low-level kernel pointer misuse that may lead to a crash or denial of service. The required condition is a failed RDS IB setup during a connection lifecycle, which an attacker would need to induce, most likely with local or privileged access to the system's RDMA network stack. There is no indication that the vulnerability is currently being actively exploited, but the lack of an EPSS score makes it difficult to assess the real-world exploitation probability. The risk level is best treated as moderate to high until the kernel is patched.