A memory management error in the Linux kernel RDS driver during copy errors can cause a use-after-free vulnerability, risking system stability.

The __rds_rdma_map() function incorrectly handles MR cleanup when a copy error occurs. Because ownership of sg/pages is handed to the transport after get_mr() succeeds, failing to handle cleanup correctly results in a use-after-free condition.

This flaw can be exploited to cause a system crash or potentially corrupt kernel memory. Given the 7.8 CVSS score, this is a significant risk for systems that utilize the Reliable Datagram Sockets (RDS) protocol.

Immediate Action: Apply the vendor-provided kernel patch to fix the MR cleanup logic in the RDS driver.

Proactive Monitoring: Monitor system logs for RDS-related errors or kernel panics.

Compensating Controls: Disable the RDS protocol if it is not required for your network infrastructure.

Public Exploit Available: false

Organizations using the RDS protocol should prioritize this security update. Verify kernel versions and apply the patches to mitigate the risk of kernel memory corruption and system instability.