CVE-2021-47616: 
Linux Kernel vulnerability analysis and mitigation

CVE-2021-47616 is a use-after-free vulnerability in the Linux kernel's RDMA (Remote Direct Memory Access) subsystem. The vulnerability was discovered in the rxequeuecleanup function. On the error handling path in rxeqpfrominit(), qp->sq.queue is freed and then rxecreate_qp() drops the last reference to this object, causing the qp cleanup function to attempt to free this queue again, resulting in a use-after-free condition (Kernel Git).

The vulnerability exists in the error handling path of the rxeqpfrominit() function. The issue occurs when qp->sq.queue is freed, followed by rxecreate_qp() dropping the last reference to this object. The cleanup function then attempts to free this queue again, leading to a use-after-free vulnerability. The bug was introduced by commit 514aee660df4 'RDMA: Globally allocate and release QP memory'. The CVSS v3.1 base score for this vulnerability is 7.8 HIGH (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) (NVD).

This vulnerability could potentially lead to privilege escalation, system crashes, or arbitrary code execution in the context of the kernel. The high CVSS score indicates that successful exploitation could result in complete compromise of confidentiality, integrity, and availability of the affected system.

The vulnerability has been fixed by zeroing the queue pointer after freeing the queue in rxeqpfrom_init(). Users should upgrade to Linux kernel version 5.15.10 or later which contains the fix. The patch adds 'qp->sq.queue = NULL' after the queue cleanup to prevent the use-after-free condition (Kernel Git).