Fixed
Created: Dec 10, 2025
Updated: Dec 11, 2025
Resolved Date: Dec 10, 2025
Found In Version: 10.22.33.1
Fix Version: 10.22.33.3
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]RDMA/siw: Fix QP destroy to wait for all references dropped.[EOL][EOL]Delay QP destroy completion until all siw references to QP are[EOL]dropped. The calling RDMA core will free QP structure after[EOL]successful return from siw_qp_destroy() call, so siw must not[EOL]hold any remaining reference to the QP upon return.[EOL]A use-after-free was encountered in xfstest generic/460, while[EOL]testing NFSoRDMA. Here, after a TCP connection drop by peer,[EOL]the triggered siw_cm_work_handler got delayed until after[EOL]QP destroy call, referencing a QP which has already freed.
