CVE-2024-49569: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's NVMe-RDMA (Remote Direct Memory Access) driver has been identified and assigned CVE-2024-49569. The issue occurs during the disconnection process of NVMe over RDMA transport, where the admin queue is not properly unquiesced before destruction, leading to a kernel hang. This vulnerability was discovered in January 2025 and affects systems using NVMe over RDMA transport (Kernel Git).

The vulnerability stems from a sequence where the admin queue is quiesced before canceling requests, but the code fails to unquiesce it before destruction. This results in a failure to drain pending requests, causing an indefinite hang in the blk_mq_freeze_queue_wait() function. The issue manifests specifically during the destroy_admin_queue operation while creating a controller fails. The bug is triggered in the nvme_rdma_destroy_admin_queue function, as evidenced by the kernel call trace (Kernel Git).

The primary impact of this vulnerability is a system hang that affects the NVMe subsystem when using RDMA transport. The issue only occurs during specific conditions when disconnecting or when controller creation fails, potentially affecting system stability and availability (Red Hat Portal).

A fix has been implemented that reuses the nvme_rdma_teardown_admin_queue() function to properly handle the admin queue cleanup. The patch simplifies the code and ensures proper unquiescing of the admin queue before destruction (Kernel Git).