In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs iwconnreqhandler() associates a new struct rdmaidprivate (connid) with an existing struct iwcmid (cmid) as follows: connid->cmid.iw = cmid; cmid->context = connid; cmid->cmhandler = cmaiwhandler; rdmadestroyid() frees both the cmid and the struct rdmaidprivate. Make sure that cmworkhandler() does not trigger a use-after-free by only freeing of the struct rdmaid_private after all pending work has finished.