In the Linux kernel, the following vulnerability has been resolved:

net/rds: fix possible cp null dereference

cp might be null, calling cp->cp_conn would produce null dereference

[Simon Horman adds:]

Analysis:

* cp is a parameter of __rds_rdma_map and is not reassigned.

* The following call-sites pass a NULL cp argument to __rds_rdma_map()

  - rds_get_mr()
  - rds_get_mr_for_dest

* Prior to the code above, the following assumes that cp may be NULL
  (which is indicative, but could itself be unnecessary)

      trans_private = rs->rs_transport->get_mr(
              sg, nents, rs, &mr->r_key, cp ? cp->cp_conn : NULL,
              args->vec.addr, args->vec.bytes,
              need_odp ? ODP_ZEROBASED : ODP_NOT_NEEDED);

* The code modified by this patch is guarded by IS_ERR(trans_private),
  where trans_private is assigned as per the previous point in this analysis.

  The only implementation of get_mr that I could locate is rds_ib_get_mr()
  which can return an ERR_PTR if the conn (4th) argument is NULL.

* ret is set to PTR_ERR(trans_private).
  rds_ib_get_mr can return ERR_PTR(-ENODEV) if the conn (4th) argument is NULL.
  Thus ret may be -ENODEV in which case the code in question will execute.

Conclusion:

* cp may be NULL at the point where this patch adds a check;
  this patch does seem to address a possible bug
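
The control flow traced in the analysis above, as an added userspace C model that is not kernel source and not part of the original commit. The `model_*` names, the `down` flag and the `patched` switch are assumptions made for illustration.

```c
/* Userspace model of the error path in the analysis; NOT kernel code.
 * Every model_* identifier is a hypothetical stand-in. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095
static void *ERR_PTR(long e)        { return (void *)(intptr_t)e; }
static long  PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static int   IS_ERR(const void *p)  { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct model_conn { int down; int reconnects; };
struct model_path { struct model_conn *cp_conn; };  /* stands in for cp */

/* As in the analysis: a NULL conn yields ERR_PTR(-ENODEV).
 * The conn->down case is an assumption so a valid cp can hit the same path. */
static void *model_get_mr(struct model_conn *conn)
{
    static int mr;
    if (!conn || conn->down)
        return ERR_PTR(-ENODEV);
    return &mr;
}

static void model_reconnect(struct model_conn *conn) { conn->reconnects++; }

/* patched=1 adds the NULL check on cp before cp->cp_conn is read.
 * patched=0 with cp == NULL reads cp->cp_conn through a NULL pointer. */
static long model_rdma_map(struct model_path *cp, int patched)
{
    void *trans_private = model_get_mr(cp ? cp->cp_conn : NULL);
    long ret = 0;

    if (IS_ERR(trans_private)) {
        ret = PTR_ERR(trans_private);
        if (ret == -ENODEV && (!patched || cp))
            model_reconnect(cp->cp_conn);
    }
    return ret;
}

int main(void)
{
    struct model_conn conn = { .down = 1 };
    struct model_path path = { .cp_conn = &conn };

    printf("cp set,  patched: ret=%ld\n", model_rdma_map(&path, 1));
    printf("cp NULL, patched: ret=%ld\n", model_rdma_map(NULL, 1));
    /* model_rdma_map(NULL, 0) is the unpatched case and would fault. */
    return 0;
}
```
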

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | linux | < 5.15.0-116.126 | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < 6.8.0-38.38 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1065.71 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < 6.8.0-1011.12 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1065.71~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1068.77 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-azure | < 6.8.0-1010.10 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.15 | < 5.15.0-1068.77~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-fde | < 5.15.0-1068.77.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-fde-5.15 | < 5.15.0-1068.77~20.04.1.1 | UNKNOWN |
git.kernel.org/linus/62fc3357e079a07a22465b9b6ef71bb6ea75ee4b (6.9-rc3)
git.kernel.org/stable/c/62fc3357e079a07a22465b9b6ef71bb6ea75ee4b
git.kernel.org/stable/c/6794090c742008c53b344b35b021d4a3093dc50a
git.kernel.org/stable/c/92309bed3c5fbe2ccd4c45056efd42edbd06162d
git.kernel.org/stable/c/bcd46782e2ec3825d10c1552fcb674d491cc09f9
git.kernel.org/stable/c/cbaac2e5488ed54833897264a5ffb2a341a9f196
git.kernel.org/stable/c/cfb786b03b03c5ff38882bee38525eb9987e4d14
git.kernel.org/stable/c/d275de8ea7be3a453629fddae41d4156762e814c
git.kernel.org/stable/c/d49fac38479bfdaec52b3ea274d290c47a294029
launchpad.net/bugs/cve/CVE-2024-35902
nvd.nist.gov/vuln/detail/CVE-2024-35902
security-tracker.debian.org/tracker/CVE-2024-35902
ubuntu.com/security/notices/USN-6893-1
ubuntu.com/security/notices/USN-6893-2
ubuntu.com/security/notices/USN-6893-3
ubuntu.com/security/notices/USN-6898-1
ubuntu.com/security/notices/USN-6898-2
ubuntu.com/security/notices/USN-6898-3
ubuntu.com/security/notices/USN-6898-4
ubuntu.com/security/notices/USN-6917-1
ubuntu.com/security/notices/USN-6918-1
www.cve.org/CVERecord?id=CVE-2024-35902