CVE-2024-57857: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57857 affects the Linux kernel's RDMA/siw (Software iWARP) component. The vulnerability was discovered when a badly managed local link to netdevice was causing a 'KASAN: slab-use-after-free' exception during siwquery_port() call. The issue was disclosed on January 15, 2025, and affects the Linux kernel's RDMA subsystem (NVD).

The vulnerability stems from improper management of a direct link to netdevice in the RDMA/siw component. The issue occurs because the code was maintaining a per-device direct link to netdevice while also relying on associated ibdevices netdevice management, effectively doubling the effort locally. This led to a use-after-free condition during siwqueryport() function calls (Kernel Commit). The vulnerability has been assigned a CVSS v3.1 base score of 7.8 HIGH with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could allow an attacker to trigger a use-after-free condition, potentially leading to system crashes or memory corruption. Given the CVSS score and vector, the vulnerability could result in high impacts to confidentiality, integrity, and availability of the affected system when successfully exploited (NVD).

The vulnerability has been fixed by removing the direct link to netdevice and relying solely on the associated ibdevices net_device management. The fix was implemented in the Linux kernel through commit 16b87037b48889d21854c8e97aec8a1baf2642b3 (Kernel Commit). Users should update their Linux kernel to a version containing this fix.