CVE-2024-47695 in Linuxinfo

Summary

by MITRE • 10/21/2024

In the Linux kernel, the following vulnerability has been resolved:

RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds

In the function init_conns(), after the create_con() and create_cm() for loop if something fails. In the cleanup for loop after the destroy tag, we access out of bound memory because cid is set to clt_path->s.con_num.

This commits resets the cid to clt_path->s.con_num - 1, to stay in bounds in the cleanup loop later.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 01/19/2026

The vulnerability identified as CVE-2024-47695 resides within the Linux kernel's RDMA/rtrs-clt subsystem, specifically affecting the initialization and cleanup processes of RDMA connections. This flaw manifests in the init_conns() function where a loop iterates through connection creation operations using create_con() and create_cm() functions. The issue emerges when these operations fail during the initialization phase, creating a scenario where subsequent cleanup operations attempt to access memory locations beyond the allocated bounds. The root cause stems from improper index management where the cid variable retains an invalid value during cleanup operations, leading to potential memory corruption and system instability.

The technical implementation flaw represents a classic buffer overread vulnerability that aligns with CWE-125, which describes out-of-bounds read conditions. The vulnerability occurs when the cleanup loop attempts to access memory using cid set to clt_path->s.con_num rather than the proper boundary value. This improper index management creates a scenario where memory access operations extend beyond the valid array boundaries, potentially allowing malicious actors to exploit this condition for privilege escalation or denial of service attacks. The vulnerability demonstrates a lack of proper bounds checking in the cleanup routine, which is a fundamental security principle that should be enforced in all memory management operations.

From an operational impact perspective, this vulnerability affects systems utilizing RDMA (Remote Direct Memory Access) networking capabilities, particularly those implementing the rtrs-clt (Remote Target RDMA Client) functionality. The exploitation of this vulnerability could lead to system crashes, data corruption, or potentially unauthorized privilege escalation within the kernel space. Attackers could leverage this flaw to disrupt network services or gain elevated privileges on affected systems. The vulnerability is particularly concerning in enterprise environments where RDMA is commonly used for high-performance computing and data center networking. The ATT&CK framework categorizes this vulnerability under T1068, which involves exploiting legitimate credentials or privileges, as the flaw could enable unauthorized access to kernel resources.

The mitigation strategy for CVE-2024-47695 involves applying the kernel patch that resets the cid variable to clt_path->s.con_num - 1 during cleanup operations, ensuring proper bounds adherence. System administrators should prioritize updating their Linux kernel versions to include this fix, particularly in production environments where RDMA functionality is in use. Additionally, monitoring for unusual system behavior or kernel panics following network operations could help identify potential exploitation attempts. The fix demonstrates proper defensive programming practices that align with secure coding guidelines and helps prevent similar issues in future implementations. Organizations should also consider implementing network segmentation and access controls to limit potential attack vectors that could exploit this vulnerability.

Responsible

Linux

Reservation

09/30/2024

Disclosure

10/21/2024

Moderation

accepted

CPE

ready

EPSS

0.00245

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!