CVE-2024-50095
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-50095 is a vulnerability in the Linux kernel's RDMA/mad subsystem. The issue lies in the handling of timed-out WRs (Work Requests) of mad agents, which can cause heavy locking contention and result in softlockups. The previous timeout handler acquired and released the mad_agent_priv lock for every timed-out WR, leading to performance degradation. The fix is a simplified timeout handler that first creates a local list of timed-out WRs and invokes the send handler only after the list has been created, which reduces locking contention when a large number of WRs are processed.
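The two locking patterns described in the summary, as an added user-space C model (not the kernel patch and not code from this page). A pthread mutex stands in for the mad_agent_priv lock, and every struct, field and function name is an assumption made for illustration.

```c
#include <pthread.h>
#include <stddef.h>

/* User-space model; every name here is an illustrative assumption, not a kernel symbol. */
struct wr { unsigned long timeout; struct wr *next; };
struct agent { pthread_mutex_t lock; struct wr *wait_list; unsigned long locks; };

static void agent_lock(struct agent *a) { pthread_mutex_lock(&a->lock); a->locks++; }
static void send_handler(struct wr *w) { (void)w; /* completion work, run unlocked */ }

/* Old pattern: the lock is dropped and retaken around every timed-out WR. */
void timeout_per_wr(struct agent *a, unsigned long now) {
    agent_lock(a);
    while (a->wait_list && a->wait_list->timeout <= now) {
        struct wr *w = a->wait_list;
        a->wait_list = w->next;
        pthread_mutex_unlock(&a->lock);
        send_handler(w);
        agent_lock(a);
    }
    pthread_mutex_unlock(&a->lock);
}

/* Fixed pattern: one critical section moves all timed-out WRs to a local list. */
void timeout_batched(struct agent *a, unsigned long now) {
    struct wr *local = NULL, **tail = &local;
    agent_lock(a);
    while (a->wait_list && a->wait_list->timeout <= now) {
        *tail = a->wait_list;               /* append head of wait_list to local */
        a->wait_list = a->wait_list->next;
        tail = &(*tail)->next;
    }
    *tail = NULL;                           /* terminate the local list */
    pthread_mutex_unlock(&a->lock);
    for (struct wr *w = local; w; w = w->next)
        send_handler(w);                    /* handlers run without the lock held */
}

/* Constructed input: n timed-out WRs plus one still pending; returns lock acquisitions. */
unsigned long locks_taken(int batched, unsigned n) {
    static struct wr wrs[1025];
    struct agent a = { PTHREAD_MUTEX_INITIALIZER, wrs, 0 };
    if (n > 1024) n = 1024;
    for (unsigned i = 0; i <= n; i++)
        wrs[i] = (struct wr){ i < n ? 1 : 100, i < n ? &wrs[i + 1] : NULL };
    if (batched) timeout_batched(&a, 10); else timeout_per_wr(&a, 10);
    return a.wait_list == &wrs[n] ? a.locks : 0; /* 0 if the pending WR was lost */
}
int main(void) { return locks_taken(0, 1000) == 1001 && locks_taken(1, 1000) == 1 ? 0 : 1; }
```

With 1000 timed-out WRs the per-WR handler takes the lock 1001 times while the batched handler takes it once. On a lock shared with other CPUs, that difference is the contention the summary describes.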