5.5

CVE-2024-50062

RDMA/rtrs-srv: Avoid null pointer deref during path establishment

In the Linux kernel, the following vulnerability has been resolved:

RDMA/rtrs-srv: Avoid null pointer deref during path establishment

For RTRS path establishment, RTRS client initiates and completes con_num
of connections. After establishing all its connections, the information
is exchanged between the client and server through the info_req message.
During this exchange, it is essential that all connections have been
established, and the state of the RTRS srv path is CONNECTED.

So add these sanity checks, to make sure we detect and abort process in
error scenarios to avoid null pointer deref.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.15.168
LinuxLinux Kernel Version >= 5.16 < 6.1.113
LinuxLinux Kernel Version >= 6.2 < 6.6.57
LinuxLinux Kernel Version >= 6.7 < 6.11.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.122
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/394b2f4d5e014820455af3eb5859eb328eaafcfd
Patch
https://git.kernel.org/stable/c/b5d4076664465487a9a3d226756995b12fb73d71
Patch
https://git.kernel.org/stable/c/b720792d7e8515bc695752e0ed5884e2ea34d12a
Patch
https://git.kernel.org/stable/c/ccb8e44ae3e2391235f80ffc6be59bec6b889ead
Patch
https://git.kernel.org/stable/c/d0e62bf7b575fbfe591f6f570e7595dd60a2f5eb
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html