CVE-2024-36476

In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ib_sge list' is accessible Move the declaration of the 'ib_sge list' variable outside the 'always_invalidate' block to ensure it remains accessible for use throughout the function. Previously, 'ib_sge list' was declared within the 'always_invalidate' block, limiting its accessibility, then caused a 'BUG: kernel NULL pointer dereference'[1]. ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2d0 ? search_module_extables+0x19/0x60 ? search_bpf_extables+0x5f/0x80 ? exc_page_fault+0x7e/0x180 ? asm_exc_page_fault+0x26/0x30 ? memcpy_orig+0xd5/0x140 rxe_mr_copy+0x1c3/0x200 [rdma_rxe] ? rxe_pool_get_index+0x4b/0x80 [rdma_rxe] copy_data+0xa5/0x230 [rdma_rxe] rxe_requester+0xd9b/0xf70 [rdma_rxe] ? finish_task_switch.isra.0+0x99/0x2e0 rxe_sender+0x13/0x40 [rdma_rxe] do_task+0x68/0x1e0 [rdma_rxe] process_one_work+0x177/0x330 worker_thread+0x252/0x390 ? __pfx_worker_thread+0x10/0x10 This change ensures the variable is available for subsequent operations that require it. [1] https://lore.kernel.org/linux-rdma/6a1f3e8f-deb0-49f9-bc69-a9b03ecfcda7@fujitsu.com/

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/143378075904e78b3b2a810099bcc3b3d82d762f	Patch
https://git.kernel.org/stable/c/32e1e748a85bd52b20b3857d80fd166d22fa455a	Patch
https://git.kernel.org/stable/c/6ffb5c1885195ae5211a12b4acd2d51843ca41b0	Patch
https://git.kernel.org/stable/c/7eaa71f56a6f7ab87957213472dc6d4055862722	Patch
https://git.kernel.org/stable/c/b238f61cc394d5fef27b26d7d9aa383ebfddabb0	Patch
https://git.kernel.org/stable/c/fb514b31395946022f13a08e06a435f53cf9e8b3	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc5::::::

History

21 Jan 2025, 17:14

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/143378075904e78b3b2a810099bcc3b3d82d762f -~~	() https://git.kernel.org/stable/c/143378075904e78b3b2a810099bcc3b3d82d762f - Patch
References	~~() https://git.kernel.org/stable/c/32e1e748a85bd52b20b3857d80fd166d22fa455a -~~	() https://git.kernel.org/stable/c/32e1e748a85bd52b20b3857d80fd166d22fa455a - Patch
References	~~() https://git.kernel.org/stable/c/6ffb5c1885195ae5211a12b4acd2d51843ca41b0 -~~	() https://git.kernel.org/stable/c/6ffb5c1885195ae5211a12b4acd2d51843ca41b0 - Patch
References	~~() https://git.kernel.org/stable/c/7eaa71f56a6f7ab87957213472dc6d4055862722 -~~	() https://git.kernel.org/stable/c/7eaa71f56a6f7ab87957213472dc6d4055862722 - Patch
References	~~() https://git.kernel.org/stable/c/b238f61cc394d5fef27b26d7d9aa383ebfddabb0 -~~	() https://git.kernel.org/stable/c/b238f61cc394d5fef27b26d7d9aa383ebfddabb0 - Patch
References	~~() https://git.kernel.org/stable/c/fb514b31395946022f13a08e06a435f53cf9e8b3 -~~	() https://git.kernel.org/stable/c/fb514b31395946022f13a08e06a435f53cf9e8b3 - Patch
CWE		CWE-476
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel:6.13:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc2:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.13:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc5::::::
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/rtrs: garantizar que 'ib_sge list' sea accesible Mueva la declaración de la variable 'ib_sge list' fuera del bloque 'always_invalidate' para garantizar que permanezca accesible para su uso en toda la función. Anteriormente, 'ib_sge list' se declaraba dentro del bloque 'always_invalidate', lo que limitaba su accesibilidad y luego causaba un 'BUG: kernel NULL pointer dereference'[1]. ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2d0 ? search_module_extables+0x19/0x60 ? search_bpf_extables+0x5f/0x80 ? exc_page_fault+0x7e/0x180 ? asm_exc_page_fault+0x26/0x30 ? rxe_pool_get_index+0x4b/0x80 [rdma_rxe] copy_data+0xa5/0x230 [rdma_rxe] rxe_requester+0xd9b/0xf70 [rdma_rxe] ? finish_task_switch.isra.0+0x99/0x2e0 rxe_sender+0x13/0x40 [rdma_rxe] do_task+0x68/0x1e0 [rdma_rxe] process_one_work+0x177/0x330 worker_thread+0x252/0x390 ? __pfx_worker_thread+0x10/0x10 Este cambio garantiza que la variable esté disponible para operaciones posteriores que la requieran. [1] https://lore.kernel.org/linux-rdma/6a1f3e8f-deb0-49f9-bc69-a9b03ecfcda7@fujitsu.com/

15 Jan 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-15 13:15

Updated : 2025-10-01 20:17

NVD link : CVE-2024-36476

Mitre link : CVE-2024-36476

CVE.ORG link : CVE-2024-36476

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10