| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: fix possible cp null dereference\n\ncp might be null, calling cp->cp_conn would produce null dereference\n\n[Simon Horman adds:]\n\nAnalysis:\n\n* cp is a parameter of __rds_rdma_map and is not reassigned.\n\n* The following call-sites pass a NULL cp argument to __rds_rdma_map()\n\n - rds_get_mr()\n - rds_get_mr_for_dest\n\n* Prior to the code above, the following assumes that cp may be NULL\n (which is indicative, but could itself be unnecessary)\n\n\ttrans_private = rs->rs_transport->get_mr(\n\t\tsg, nents, rs, &mr->r_key, cp ? cp->cp_conn : NULL,\n\t\targs->vec.addr, args->vec.bytes,\n\t\tneed_odp ? ODP_ZEROBASED : ODP_NOT_NEEDED);\n\n* The code modified by this patch is guarded by IS_ERR(trans_private),\n where trans_private is assigned as per the previous point in this analysis.\n\n The only implementation of get_mr that I could locate is rds_ib_get_mr()\n which can return an ERR_PTR if the conn (4th) argument is NULL.\n\n* ret is set to PTR_ERR(trans_private).\n rds_ib_get_mr can return ERR_PTR(-ENODEV) if the conn (4th) argument is NULL.\n Thus ret may be -ENODEV in which case the code in question will execute.\n\nConclusion:\n* cp may be NULL at the point where this patch adds a check;\n this patch does seem to address a possible bug" |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "net/rds/rdma.c" |
| ], |
| "versions": [ |
| { |
| "version": "786854141057751bc08eb26f1b02e97c1631c8f4", |
| "lessThan": "d275de8ea7be3a453629fddae41d4156762e814c", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "997efea2bf3a4adb96c306b9ad6a91442237bf5b", |
| "lessThan": "bcd46782e2ec3825d10c1552fcb674d491cc09f9", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "9dfc15a10dfd44f8ff7f27488651cb5be6af83c2", |
| "lessThan": "cfb786b03b03c5ff38882bee38525eb9987e4d14", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "b562ebe21ed9adcf42242797dd6cb75beef12bf0", |
| "lessThan": "d49fac38479bfdaec52b3ea274d290c47a294029", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "998fd719e6d6468b930ac0c44552ea9ff8b07b80", |
| "lessThan": "cbaac2e5488ed54833897264a5ffb2a341a9f196", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "2b505d05280739ce31d5708da840f42df827cb85", |
| "lessThan": "92309bed3c5fbe2ccd4c45056efd42edbd06162d", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "c055fc00c07be1f0df7375ab0036cebd1106ed38", |
| "lessThan": "6794090c742008c53b344b35b021d4a3093dc50a", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "c055fc00c07be1f0df7375ab0036cebd1106ed38", |
| "lessThan": "62fc3357e079a07a22465b9b6ef71bb6ea75ee4b", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "907761307469adecb02461a14120e9a1812a5fb1", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "net/rds/rdma.c" |
| ], |
| "versions": [ |
| { |
| "version": "6.8", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "6.8", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.19.312", |
| "lessThanOrEqual": "4.19.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.4.274", |
| "lessThanOrEqual": "5.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.215", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.15.154", |
| "lessThanOrEqual": "5.15.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.1.85", |
| "lessThanOrEqual": "6.1.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.6.26", |
| "lessThanOrEqual": "6.6.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.8.5", |
| "lessThanOrEqual": "6.8.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.9", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.19.310", |
| "versionEndExcluding": "4.19.312" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.4.272", |
| "versionEndExcluding": "5.4.274" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.10.213", |
| "versionEndExcluding": "5.10.215" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.15.152", |
| "versionEndExcluding": "5.15.154" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.1.82", |
| "versionEndExcluding": "6.1.85" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.6.22", |
| "versionEndExcluding": "6.6.26" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.8", |
| "versionEndExcluding": "6.8.5" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.8", |
| "versionEndExcluding": "6.9" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.7.10" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/d275de8ea7be3a453629fddae41d4156762e814c" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/bcd46782e2ec3825d10c1552fcb674d491cc09f9" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/cfb786b03b03c5ff38882bee38525eb9987e4d14" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/d49fac38479bfdaec52b3ea274d290c47a294029" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/cbaac2e5488ed54833897264a5ffb2a341a9f196" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/92309bed3c5fbe2ccd4c45056efd42edbd06162d" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/6794090c742008c53b344b35b021d4a3093dc50a" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/62fc3357e079a07a22465b9b6ef71bb6ea75ee4b" |
| } |
| ], |
| "title": "net/rds: fix possible cp null dereference", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2024-35902", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
