CVE-2024-26744

RDMA/srpt: Support specifying the srpt_service_guid parameter

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

RDMA/srpt: Support specifying the srpt_service_guid parameter

Make loading ib_srpt with this parameter set work. The current behavior is
that setting that parameter while loading the ib_srpt kernel module
triggers the following kernel crash:

BUG: kernel NULL pointer dereference, address: 0000000000000000
Call Trace:
<TASK>
parse_one+0x18c/0x1d0
parse_args+0xe1/0x230
load_module+0x8de/0xa60
init_module_from_file+0x8b/0xd0
idempotent_init_module+0x181/0x240
__x64_sys_finit_module+0x5a/0xb0
do_syscall_64+0x5f/0xe0
entry_SYSCALL_64_after_hwframe+0x6e/0x76

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/srpt: admite la especificación del parámetro srpt_service_guid. Hace que la carga de ib_srpt con este conjunto de parámetros funcione. El comportamiento actual es que configurar ese parámetro mientras se carga el módulo del kernel ib_srpt desencadena el siguiente fallo del kernel: ERROR: desreferencia del puntero NULL del kernel, dirección: 0000000000000000 Seguimiento de llamadas: parse_one+0x18c/0x1d0 parse_args+0xe1/0x230 load_module+0x8de/ 0xa60 init_module_from_file+0x8b/0xd0 idempotent_init_module+0x181/0x240 __x64_sys_finit_module+0x5a/0xb0 do_syscall_64+0x5f/0xe0 Entry_SYSCALL_64_after_hwframe+0x6e/0x76

A flaw was foundin the Linux Kernel when specifying the srpt_service_guid parameter, which may lead to kernel crash.

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-04-03 CVE Published
2024-04-04 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (12)

URL	Tag	Source
https://git.kernel.org/stable/c/a42d985bd5b234da8b61347a78dc3057bf7bb94d	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/84f1dac960cfa210a3b7a7522e6c2320ae91932b	2024-03-01
https://git.kernel.org/stable/c/5a5c039dac1b1b7ba3e91c791f4421052bf79b82	2024-03-01
https://git.kernel.org/stable/c/989af2f29342a9a7c7515523d879b698ac8465f4	2024-03-01
https://git.kernel.org/stable/c/aee4dcfe17219fe60f2821923adea98549060af8	2024-03-01
https://git.kernel.org/stable/c/fe2a73d57319feab4b3b175945671ce43492172f	2024-03-01
https://git.kernel.org/stable/c/c99a827d3cff9f84e1cb997b7cc6386d107aa74d	2024-03-01
https://git.kernel.org/stable/c/fdfa083549de5d50ebf7f6811f33757781e838c0	2024-02-05

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-26744	2024-06-05
https://bugzilla.redhat.com/show_bug.cgi?id=2273260	2024-06-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.3 < 4.19.308 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 4.19.308"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.3 < 5.10.211 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 5.10.211"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.3 < 5.15.150 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 5.15.150"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.3 < 6.1.80 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 6.1.80"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.3 < 6.6.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 6.6.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.3 < 6.7.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 6.7.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.3 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 6.8"		en		Affected