In the Linux kernel, the following vulnerability has been resolved:

RDMA/mana: Fix mana_destroy_wq_obj() cleanup in mana_ib_create_qp_rss()

Sashiko points out there are two bugs here in the error unwind flow, both related to how the WQ table is unwound.

First, there is a double i-- on the first failure path due to the while loop having an i--, remove it.

Second, if mana_ib_install_cq_cb() fails then mana_create_wq_obj() is not undone due to the above i--.
| Product | Vendor | Version |
|---|---|---|
| Linux | Linux | PAN-0S 9.0.2 and earlier |
| Linux | Linux | Java SE: 8u221, 11.0.4, 13 |
| Linux | Linux | 2.7.4 |
| Linux | Linux | 2.7.5 |