{"id":"CVE-2021-47392","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure\n\nIf cma_listen_on_all() fails it leaves the per-device ID still on the\nlisten_list but the state is not set to RDMA_CM_ADDR_BOUND.\n\nWhen the cmid is eventually destroyed cma_cancel_listens() is not called\ndue to the wrong state, however the per-device IDs are still holding the\nrefcount preventing the ID from being destroyed, thus deadlocking:\n\n task:rping state:D stack:   0 pid:19605 ppid: 47036 flags:0x00000084\n Call Trace:\n  __schedule+0x29a/0x780\n  ? free_unref_page_commit+0x9b/0x110\n  schedule+0x3c/0xa0\n  schedule_timeout+0x215/0x2b0\n  ? __flush_work+0x19e/0x1e0\n  wait_for_completion+0x8d/0xf0\n  _destroy_id+0x144/0x210 [rdma_cm]\n  ucma_close_id+0x2b/0x40 [rdma_ucm]\n  __destroy_id+0x93/0x2c0 [rdma_ucm]\n  ? __xa_erase+0x4a/0xa0\n  ucma_destroy_id+0x9a/0x120 [rdma_ucm]\n  ucma_write+0xb8/0x130 [rdma_ucm]\n  vfs_write+0xb4/0x250\n  ksys_write+0xb5/0xd0\n  ? syscall_trace_enter.isra.19+0x123/0x190\n  do_syscall_64+0x33/0x40\n  entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nEnsure that cma_listen_on_all() atomically unwinds its action under the\nlock during error.","modified":"2026-03-14T14:51:53.162739Z","published":"2024-05-21T15:15:24.553Z","related":["SUSE-SU-2024:2008-1","SUSE-SU-2024:2010-1","SUSE-SU-2024:2011-1","SUSE-SU-2024:2019-1","SUSE-SU-2024:2185-1","SUSE-SU-2024:2189-1","SUSE-SU-2024:2190-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/3f4e68902d2e545033c80d7ad62fd9a439e573f4"},{"type":"FIX","url":"https://git.kernel.org/stable/c/ca465e1f1f9b38fe916a36f7d80c5d25f2337c81"},{"type":"FIX","url":"https://git.kernel.org/stable/c/e56a5146ef8cb51cd7c9e748267dce7564448a35"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"5.10.4"},{"fixed":"5.10.71"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.14.10"}]},{"events":[{"introduced":"0"},{"last_affected":"5.15-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"5.15-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"5.15-rc3"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47392.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}