CVE-2022-50666
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/12/2025
Last modified:
09/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

RDMA/siw: Fix QP destroy to wait for all references dropped.

Delay QP destroy completion until all siw references to QP are
dropped. The calling RDMA core will free QP structure after
successful return from siw_qp_destroy() call, so siw must not
hold any remaining reference to the QP upon return.
A use-after-free was encountered in xfstest generic/460, while
testing NFSoRDMA. Here, after a TCP connection drop by peer,
the triggered siw_cm_work_handler got delayed until after
QP destroy call, referencing a QP which has already been freed.



