cve/published/2024/CVE-2024-47749.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-47749: RDMA/cxgb4: Added NULL check for lookup_atid

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 RDMA/cxgb4: Added NULL check for lookup_atid

 The lookup_atid() function can return NULL if the ATID is
 invalid or does not exist in the identifier table, which
 could lead to dereferencing a null pointer without a
 check in the `act_establish()` and `act_open_rpl()` functions.
 Add a NULL check to prevent null pointer dereferencing.

 Found by Linux Verification Center (linuxtesting.org) with SVACE.

 The Linux kernel CVE team has assigned CVE-2024-47749 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 2.6.35 with commit cfdda9d764362ab77b11a410bb928400e6520d57 and fixed in 4.19.323 with commit b12e25d91c7f97958341538c7dc63ee49d01548f
 	Issue introduced in 2.6.35 with commit cfdda9d764362ab77b11a410bb928400e6520d57 and fixed in 5.4.285 with commit 4e1fe68d695af367506ea3c794c5969630f21697
 	Issue introduced in 2.6.35 with commit cfdda9d764362ab77b11a410bb928400e6520d57 and fixed in 5.10.227 with commit dd598ac57dcae796cb58551074660c39b43fb155
 	Issue introduced in 2.6.35 with commit cfdda9d764362ab77b11a410bb928400e6520d57 and fixed in 5.15.168 with commit b11318dc8a1ec565300bb1a9073095af817cc508
 	Issue introduced in 2.6.35 with commit cfdda9d764362ab77b11a410bb928400e6520d57 and fixed in 6.1.113 with commit 39cb9f39913566ec5865581135f3e8123ad1aee1
 	Issue introduced in 2.6.35 with commit cfdda9d764362ab77b11a410bb928400e6520d57 and fixed in 6.6.54 with commit 0d50ae281a1712b9b2ca72830a96b8f11882358d
 	Issue introduced in 2.6.35 with commit cfdda9d764362ab77b11a410bb928400e6520d57 and fixed in 6.10.13 with commit 54aaa3ed40972511e423b604324b881425b9ff1e
 	Issue introduced in 2.6.35 with commit cfdda9d764362ab77b11a410bb928400e6520d57 and fixed in 6.11.2 with commit b9c94c8ba5a713817cffd74c4bacc05187469624
 	Issue introduced in 2.6.35 with commit cfdda9d764362ab77b11a410bb928400e6520d57 and fixed in 6.12 with commit e766e6a92410ca269161de059fff0843b8ddd65f

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-47749
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/infiniband/hw/cxgb4/cm.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/b12e25d91c7f97958341538c7dc63ee49d01548f
 	https://git.kernel.org/stable/c/4e1fe68d695af367506ea3c794c5969630f21697
 	https://git.kernel.org/stable/c/dd598ac57dcae796cb58551074660c39b43fb155
 	https://git.kernel.org/stable/c/b11318dc8a1ec565300bb1a9073095af817cc508
 	https://git.kernel.org/stable/c/39cb9f39913566ec5865581135f3e8123ad1aee1
 	https://git.kernel.org/stable/c/0d50ae281a1712b9b2ca72830a96b8f11882358d
 	https://git.kernel.org/stable/c/54aaa3ed40972511e423b604324b881425b9ff1e
 	https://git.kernel.org/stable/c/b9c94c8ba5a713817cffd74c4bacc05187469624
 	https://git.kernel.org/stable/c/e766e6a92410ca269161de059fff0843b8ddd65f
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-47749: RDMA/cxgb4: Added NULL check for lookup_atid

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	RDMA/cxgb4: Added NULL check for lookup_atid

	The lookup_atid() function can return NULL if the ATID is
	invalid or does not exist in the identifier table, which
	could lead to dereferencing a null pointer without a
	check in the `act_establish()` and `act_open_rpl()` functions.
	Add a NULL check to prevent null pointer dereferencing.

	Found by Linux Verification Center (linuxtesting.org) with SVACE.

	The Linux kernel CVE team has assigned CVE-2024-47749 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 2.6.35 with commit cfdda9d764362ab77b11a410bb928400e6520d57 and fixed in 4.19.323 with commit b12e25d91c7f97958341538c7dc63ee49d01548f
	Issue introduced in 2.6.35 with commit cfdda9d764362ab77b11a410bb928400e6520d57 and fixed in 5.4.285 with commit 4e1fe68d695af367506ea3c794c5969630f21697
	Issue introduced in 2.6.35 with commit cfdda9d764362ab77b11a410bb928400e6520d57 and fixed in 5.10.227 with commit dd598ac57dcae796cb58551074660c39b43fb155
	Issue introduced in 2.6.35 with commit cfdda9d764362ab77b11a410bb928400e6520d57 and fixed in 5.15.168 with commit b11318dc8a1ec565300bb1a9073095af817cc508
	Issue introduced in 2.6.35 with commit cfdda9d764362ab77b11a410bb928400e6520d57 and fixed in 6.1.113 with commit 39cb9f39913566ec5865581135f3e8123ad1aee1
	Issue introduced in 2.6.35 with commit cfdda9d764362ab77b11a410bb928400e6520d57 and fixed in 6.6.54 with commit 0d50ae281a1712b9b2ca72830a96b8f11882358d
	Issue introduced in 2.6.35 with commit cfdda9d764362ab77b11a410bb928400e6520d57 and fixed in 6.10.13 with commit 54aaa3ed40972511e423b604324b881425b9ff1e
	Issue introduced in 2.6.35 with commit cfdda9d764362ab77b11a410bb928400e6520d57 and fixed in 6.11.2 with commit b9c94c8ba5a713817cffd74c4bacc05187469624
	Issue introduced in 2.6.35 with commit cfdda9d764362ab77b11a410bb928400e6520d57 and fixed in 6.12 with commit e766e6a92410ca269161de059fff0843b8ddd65f

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-47749
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/infiniband/hw/cxgb4/cm.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/b12e25d91c7f97958341538c7dc63ee49d01548f
	https://git.kernel.org/stable/c/4e1fe68d695af367506ea3c794c5969630f21697
	https://git.kernel.org/stable/c/dd598ac57dcae796cb58551074660c39b43fb155
	https://git.kernel.org/stable/c/b11318dc8a1ec565300bb1a9073095af817cc508
	https://git.kernel.org/stable/c/39cb9f39913566ec5865581135f3e8123ad1aee1
	https://git.kernel.org/stable/c/0d50ae281a1712b9b2ca72830a96b8f11882358d
	https://git.kernel.org/stable/c/54aaa3ed40972511e423b604324b881425b9ff1e
	https://git.kernel.org/stable/c/b9c94c8ba5a713817cffd74c4bacc05187469624
	https://git.kernel.org/stable/c/e766e6a92410ca269161de059fff0843b8ddd65f