CVE-2024-47750: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-47750 is a Use-After-Free vulnerability discovered in the Linux kernel's RDMA/hns driver. The issue affects the HIP08 hardware implementation where rsv_qp is freed before ib_unregister_device() is called, creating a time window during which users can still dereg MR while rsv_qp is used in this process (NVD). The vulnerability affects Linux kernel versions from 5.18 up to versions before 6.1.113, 6.6.54, 6.10.13, and 6.11.2.

The vulnerability is caused by incorrect timing of resource deallocation in the HIP08 hardware driver implementation. The rsv_qp (reserved queue pair) is freed prematurely before ib_unregister_device() is called, creating a race condition where the freed resource can still be accessed during MR (Memory Region) deregistration. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The Use-After-Free vulnerability can lead to potential privilege escalation, system crashes, or information disclosure on affected systems. The high CVSS score indicates that successful exploitation could result in complete compromise of confidentiality, integrity, and availability of the affected component (NVD).

The vulnerability has been fixed by moving the release of rsv_qp after calling ib_unregister_device(). The fix has been implemented in the Linux kernel through patches that correct the deallocation sequence. Users should update to Linux kernel versions 6.1.113, 6.6.54, 6.10.13, or 6.11.2 or later to address this vulnerability (Kernel Patch).