CVE-2024-47750: Vulnerability in Linux (Linux kernel)

High
Published: Mon Oct 21 2024 (10/21/2024, 12:14:15 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08. Currently rsv_qp is freed before ib_unregister_device() is called on HIP08. During the time interval, users can still dereg MR and rsv_qp will be used in this process, leading to a UAF. Move the release of rsv_qp after calling ib_unregister_device() to fix it.

AI-Powered Analysis

Last updated: 06/28/2025, 20:26:04 UTC

Technical Analysis

CVE-2024-47750 is a use-after-free (UAF) vulnerability in the Linux kernel's RDMA (Remote Direct Memory Access) subsystem, specifically in the hns (HiSilicon Network Subsystem) RoCE driver on the HIP08 platform. The flaw is an ordering error in the driver's teardown path. The resource 'rsv_qp' (reserved queue pair) is freed before the call to ib_unregister_device(), which is what removes the InfiniBand device from the subsystem and stops userspace from reaching it. In the window between freeing rsv_qp and unregistering the device, userspace can still deregister memory regions (MRs), and that deregistration path uses rsv_qp internally. Because rsv_qp has already been freed, the kernel dereferences deallocated memory. This can cause kernel crashes or memory corruption, and could potentially enable privilege escalation or arbitrary code execution in kernel context if exploited. The fix reorders teardown so that rsv_qp is released only after ib_unregister_device() returns, at which point no user operation can reference it. The CVE record identifies the affected kernel code by commit hash 70f92521584f1d1e8268311ee84413307b0fdea8, and the entry was published on October 21, 2024. No exploits are currently reported in the wild, and no CVSS score has been assigned yet.

Potential Impact

For European organizations, this vulnerability poses a significant risk primarily to environments utilizing Linux servers with RDMA capabilities, especially those deploying HiSilicon HIP08 hardware or similar RDMA-enabled network interfaces. RDMA is commonly used in high-performance computing clusters, data centers, and enterprise storage networks to achieve low-latency, high-throughput communication. Exploitation of this UAF vulnerability could lead to kernel crashes causing denial of service, or more critically, allow attackers to execute arbitrary code with kernel privileges, compromising system integrity and confidentiality. This could result in unauthorized access to sensitive data, disruption of critical services, and lateral movement within corporate networks. Given the widespread use of Linux in European data centers and cloud infrastructure, organizations relying on RDMA-enabled hardware should consider this vulnerability a serious threat. However, the absence of known exploits and the specialized nature of the affected subsystem somewhat limit the immediate risk to general-purpose Linux deployments.

Mitigation Recommendations

European organizations should promptly apply the official Linux kernel patches that reorder the teardown so rsv_qp is released only after ib_unregister_device(). If patching is not immediately feasible, temporarily disabling RDMA functionality on affected systems removes the exposed code path. Network administrators should audit their infrastructure to identify systems running affected kernel versions with HIP08 RDMA hardware. Apply strict access controls and monitoring on RDMA-capable systems so that unusual memory-region deregistration or device unregistration activity is visible. Organizations should also ensure that kernel updates are tested and deployed rapidly in environments where RDMA is critical. Kernel hardening such as Kernel Address Space Layout Randomization (KASLR) and Control Flow Integrity (CFI) can further reduce the likelihood of successful exploitation. Finally, maintain vigilant monitoring for any emerging exploit reports or indicators of compromise related to this vulnerability.
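The audit and "disable RDMA" steps above can be scripted. The following POSIX shell helper is an added example written for this entry; it is not part of the CVE record, the kernel project, or the site's analysis. It assumes (not stated on the page) that the HIP08 RoCE driver loads as the kernel module hns_roce_hw_v2, that loaded modules are listed in /proc/modules, and that RDMA devices appear as entries under /sys/class/infiniband. The sample module lists and device directories it runs against are constructed inline so the script works offline; the last line runs the same check against the live host.

```shell
#!/bin/sh
# Added audit helper for CVE-2024-47750 exposure (HIP08 RoCE via the hns driver).
# Not part of the advisory or of the kernel project.
# Assumptions (not from the page): the HIP08 RoCE driver is the module
# "hns_roce_hw_v2", loaded modules are listed in /proc/modules, and RDMA
# devices show up as entries under /sys/class/infiniband.

# rdma_exposure MODULES_FILE IB_SYSFS_DIR
# Classifies one host and prints exactly one word:
#   exposed    - hns_roce_hw_v2 is loaded, so the affected teardown path exists
#   rdma-other - RDMA devices are present but from a different driver
#   no-rdma    - no RDMA driver or device of interest
rdma_exposure() {
    modules_file=$1
    ib_dir=$2
    devs=0
    if [ -d "$ib_dir" ]; then
        for d in "$ib_dir"/*; do
            [ -e "$d" ] && devs=$((devs + 1))
        done
    fi
    # Each /proc/modules line begins with the module name followed by a space.
    if grep -q '^hns_roce_hw_v2 ' "$modules_file" 2>/dev/null; then
        echo exposed
    elif [ "$devs" -gt 0 ]; then
        echo rdma-other
    else
        echo no-rdma
    fi
    return 0
}

# blacklist_conf
# Emits a modprobe.d fragment that keeps the HIP08 RoCE driver from loading,
# for the "temporarily disable RDMA" mitigation until the patched kernel is
# deployed. Place it under /etc/modprobe.d/ and rebuild the initramfs.
blacklist_conf() {
    printf 'blacklist hns_roce_hw_v2\ninstall hns_roce_hw_v2 /bin/false\n'
}

# --- constructed sample data standing in for two hosts ---
sample=$(mktemp -d)
mkdir -p "$sample/exposed/ib/hns_0" "$sample/clean/ib"
printf 'hns_roce_hw_v2 462848 0 - Live 0x0000000000000000\n' > "$sample/exposed/modules"
printf 'ib_core 425984 1 hns_roce_hw_v2, Live 0x0000000000000000\n' >> "$sample/exposed/modules"
printf 'ib_core 425984 0 - Live 0x0000000000000000\n' > "$sample/clean/modules"

echo "sample exposed host: $(rdma_exposure "$sample/exposed/modules" "$sample/exposed/ib")"
echo "sample clean host:   $(rdma_exposure "$sample/clean/modules" "$sample/clean/ib")"
echo "this host:           $(rdma_exposure /proc/modules /sys/class/infiniband)"
echo "mitigation fragment if exposed:"
blacklist_conf
rm -rf "$sample"
```

A host reported as "rdma-other" still carries RDMA hardware and should be kept in the patch queue, since the kernel update covers it anyway; only "exposed" hosts have the HIP08 driver and its affected teardown path loaded right now.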


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-09-30T16:00:12.961Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9825c4522896dcbe06e0

Added to database: 5/21/2025, 9:08:53 AM

Last enriched: 6/28/2025, 8:26:04 PM

Last updated: 7/30/2025, 3:37:28 PM

Views: 11
