Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentLinuxVULNRICHMENT:CVE-2024-35902
HistoryMay 19, 2024 - 8:34 a.m.

CVE-2024-35902 net/rds: fix possible cp null dereference

2024-05-1908:34:55
Linux
github.com
5
linux kernel
net/rds
null dereference fix
security vulnerability
code analysis

AI Score

6.8

Confidence

High

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON

In the Linux kernel, the following vulnerability has been resolved:

net/rds: fix possible cp null dereference

cp might be null, calling cp->cp_conn would produce null dereference

[Simon Horman adds:]

Analysis:

  • cp is a parameter of __rds_rdma_map and is not reassigned.

  • The following call-sites pass a NULL cp argument to __rds_rdma_map()

    • rds_get_mr()
    • rds_get_mr_for_dest

  • Prior to the code above, the following assumes that cp may be NULL
    (which is indicative, but could itself be unnecessary)

    trans_private = rs->rs_transport->get_mr(
    sg, nents, rs, &mr->r_key, cp ? cp->cp_conn : NULL,
    args->vec.addr, args->vec.bytes,
    need_odp ? ODP_ZEROBASED : ODP_NOT_NEEDED);

  • The code modified by this patch is guarded by IS_ERR(trans_private),
    where trans_private is assigned as per the previous point in this analysis.

    The only implementation of get_mr that I could locate is rds_ib_get_mr()
    which can return an ERR_PTR if the conn (4th) argument is NULL.

  • ret is set to PTR_ERR(trans_private).
    rds_ib_get_mr can return ERR_PTR(-ENODEV) if the conn (4th) argument is NULL.
    Thus ret may be -ENODEV in which case the code in question will execute.

Conclusion:

  • cp may be NULL at the point where this patch adds a check;
    this patch does seem to address a possible bug

CNA Affected

[
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "786854141057",
        "lessThan": "d275de8ea7be",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "997efea2bf3a",
        "lessThan": "bcd46782e2ec",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "9dfc15a10dfd",
        "lessThan": "cfb786b03b03",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "b562ebe21ed9",
        "lessThan": "d49fac38479b",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "998fd719e6d6",
        "lessThan": "cbaac2e5488e",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "2b505d052807",
        "lessThan": "92309bed3c5f",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "c055fc00c07b",
        "lessThan": "6794090c7420",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "c055fc00c07b",
        "lessThan": "62fc3357e079",
        "versionType": "git"
      }
    ],
    "programFiles": [
      "net/rds/rdma.c"
    ],
    "defaultStatus": "unaffected"
  },
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "6.8"
      },
      {
        "status": "unaffected",
        "version": "0",
        "lessThan": "6.8",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "4.19.312",
        "versionType": "custom",
        "lessThanOrEqual": "4.19.*"
      },
      {
        "status": "unaffected",
        "version": "5.4.274",
        "versionType": "custom",
        "lessThanOrEqual": "5.4.*"
      },
      {
        "status": "unaffected",
        "version": "5.10.215",
        "versionType": "custom",
        "lessThanOrEqual": "5.10.*"
      },
      {
        "status": "unaffected",
        "version": "5.15.154",
        "versionType": "custom",
        "lessThanOrEqual": "5.15.*"
      },
      {
        "status": "unaffected",
        "version": "6.1.85",
        "versionType": "custom",
        "lessThanOrEqual": "6.1.*"
      },
      {
        "status": "unaffected",
        "version": "6.6.26",
        "versionType": "custom",
        "lessThanOrEqual": "6.6.*"
      },
      {
        "status": "unaffected",
        "version": "6.8.5",
        "versionType": "custom",
        "lessThanOrEqual": "6.8.*"
      },
      {
        "status": "unaffected",
        "version": "6.9",
        "versionType": "original_commit_for_fix",
        "lessThanOrEqual": "*"
      }
    ],
    "programFiles": [
      "net/rds/rdma.c"
    ],
    "defaultStatus": "affected"
  }
]

Related

debiancve 1
nvd 1
cvelist 1
redhatcve 1
cve 1
osv 13
ubuntucve 1
nessus 16
openvas 12
ubuntu 10
debiancve
debiancve
CVE-2024-35902
2024-05-19 09:15:11
nvd
nvd
CVE-2024-35902
2024-05-19 09:15:11
cvelist
cvelist
CVE-2024-35902 net/rds: fix possible cp null dereference
2024-05-19 08:34:55
redhatcve
redhatcve
CVE-2024-35902
2024-05-20 11:44:08
cve
cve
CVE-2024-35902
2024-05-19 09:15:11
osv
osv
CVE-2024-35902
2024-05-19 09:15:00
linux, linux-gcp, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-oracle vulnerabilities
2024-07-15 16:13:04
linux-aws-5.15 vulnerabilities
2024-07-23 09:43:14
ubuntucve
ubuntucve
CVE-2024-35902
2024-05-19 00:00:00
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6898-2)
2024-07-17 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6898-3)
2024-07-19 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6898-1)
2024-07-15 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6917-1)
2024-07-29 00:00:00
Ubuntu: Security Advisory (USN-6898-3)
2024-07-19 00:00:00
Ubuntu: Security Advisory (USN-6898-2)
2024-07-18 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-07-17 00:00:00
Linux kernel kernel vulnerabilities
2024-07-19 00:00:00
Linux kernel vulnerabilities
2024-07-15 00:00:00

AI Score

6.8

Confidence

High

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2024-35902
debiancve1nvd1cvelist1redhatcve1cve1osv13ubuntucve1nessus16openvas12ubuntu10