5.5

CVE-2024-35902

net/rds: fix possible cp null dereference

In the Linux kernel, the following vulnerability has been resolved:

net/rds: fix possible cp null dereference

cp might be null, calling cp->cp_conn would produce null dereference

[Simon Horman adds:]

Analysis:

* cp is a parameter of __rds_rdma_map and is not reassigned.

* The following call-sites pass a NULL cp argument to __rds_rdma_map()

  - rds_get_mr()
  - rds_get_mr_for_dest

* Prior to the code above, the following assumes that cp may be NULL
  (which is indicative, but could itself be unnecessary)

	trans_private = rs->rs_transport->get_mr(
		sg, nents, rs, &mr->r_key, cp ? cp->cp_conn : NULL,
		args->vec.addr, args->vec.bytes,
		need_odp ? ODP_ZEROBASED : ODP_NOT_NEEDED);

* The code modified by this patch is guarded by IS_ERR(trans_private),
  where trans_private is assigned as per the previous point in this analysis.

  The only implementation of get_mr that I could locate is rds_ib_get_mr()
  which can return an ERR_PTR if the conn (4th) argument is NULL.

* ret is set to PTR_ERR(trans_private).
  rds_ib_get_mr can return ERR_PTR(-ENODEV) if the conn (4th) argument is NULL.
  Thus ret may be -ENODEV in which case the code in question will execute.

Conclusion:
* cp may be NULL at the point where this patch adds a check;
  this patch does seem to address a possible bug
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19.310 < 4.19.312
LinuxLinux Kernel Version >= 5.4.272 < 5.7.274
LinuxLinux Kernel Version >= 5.10.213 < 5.10.215
LinuxLinux Kernel Version >= 5.15.152 < 5.15.154
LinuxLinux Kernel Version >= 6.1.82 < 6.1.85
LinuxLinux Kernel Version >= 6.6.22 < 6.6.26
LinuxLinux Kernel Version >= 6.7.10 < 6.8.5
LinuxLinux Kernel Version6.9 Updaterc1
LinuxLinux Kernel Version6.9 Updaterc2
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.124
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Mailing List
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Mailing List
https://git.kernel.org/stable/c/62fc3357e079a07a22465b9b6ef71bb6ea75ee4b
Patch
https://git.kernel.org/stable/c/6794090c742008c53b344b35b021d4a3093dc50a
Patch
https://git.kernel.org/stable/c/92309bed3c5fbe2ccd4c45056efd42edbd06162d
Patch
https://git.kernel.org/stable/c/bcd46782e2ec3825d10c1552fcb674d491cc09f9
Patch
https://git.kernel.org/stable/c/cbaac2e5488ed54833897264a5ffb2a341a9f196
Patch
https://git.kernel.org/stable/c/cfb786b03b03c5ff38882bee38525eb9987e4d14
Patch
https://git.kernel.org/stable/c/d275de8ea7be3a453629fddae41d4156762e814c
Patch
https://git.kernel.org/stable/c/d49fac38479bfdaec52b3ea274d290c47a294029
Patch
https://cert-portal.siemens.com/productcert/html/ssa-265688.html