CVE-2024-53229 in Linux
Summary
by MITRE • 12/27/2024
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rxe: Fix the qp flush warnings in req
When the qp is in error state, the status of WQEs in the queue should be set to error. Or else the following will appear.
[ 920.617269] WARNING: CPU: 1 PID: 21 at drivers/infiniband/sw/rxe/rxe_comp.c:756 rxe_completer+0x989/0xcc0 [rdma_rxe]
[ 920.617744] Modules linked in: rnbd_client(O) rtrs_client(O) rtrs_core(O) rdma_ucm rdma_cm iw_cm ib_cm crc32_generic rdma_rxe ip6_udp_tunnel udp_tunnel ib_uverbs ib_core loop brd null_blk ipv6
[ 920.618516] CPU: 1 PID: 21 Comm: ksoftirqd/1 Tainted: G O 6.1.113-storage+ #65
[ 920.618986] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 920.619396] RIP: 0010:rxe_completer+0x989/0xcc0 [rdma_rxe]
[ 920.619658] Code: 0f b6 84 24 3a 02 00 00 41 89 84 24 44 04 00 00 e9 2a f7 ff ff 39 ca bb 03 00 00 00 b8 0e 00 00 00 48 0f 45 d8 e9 15 f7 ff ff 0b e9 cb f8 ff ff 41 bf f5 ff ff ff e9 08 f8 ff ff 49 8d bc 24
[ 920.620482] RSP: 0018:ffff97b7c00bbc38 EFLAGS: 00010246
[ 920.620817] RAX: 0000000000000000 RBX: 000000000000000c RCX: 0000000000000008
[ 920.621183] RDX: ffff960dc396ebc0 RSI: 0000000000005400 RDI: ffff960dc4e2fbac
[ 920.621548] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffffac406450
[ 920.621884] R10: ffffffffac4060c0 R11: 0000000000000001 R12: ffff960dc4e2f800
[ 920.622254] R13: ffff960dc4e2f928 R14: ffff97b7c029c580 R15: 0000000000000000
[ 920.622609] FS: 0000000000000000(0000) GS:ffff960ef7d00000(0000) knlGS:0000000000000000
[ 920.622979] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 920.623245] CR2: 00007fa056965e90 CR3: 00000001107f1000 CR4: 00000000000006e0
[ 920.623680] Call Trace:
[ 920.623815] <TASK>
[ 920.623933] ? __warn+0x79/0xc0
[ 920.624116] ? rxe_completer+0x989/0xcc0 [rdma_rxe]
[ 920.624356] ? report_bug+0xfb/0x150
[ 920.624594] ? handle_bug+0x3c/0x60
[ 920.624796] ? exc_invalid_op+0x14/0x70
[ 920.624976] ? asm_exc_invalid_op+0x16/0x20
[ 920.625203] ? rxe_completer+0x989/0xcc0 [rdma_rxe]
[ 920.625474] ? rxe_completer+0x329/0xcc0 [rdma_rxe]
[ 920.625749] rxe_do_task+0x80/0x110 [rdma_rxe]
[ 920.626037] rxe_requester+0x625/0xde0 [rdma_rxe]
[ 920.626310] ? rxe_cq_post+0xe2/0x180 [rdma_rxe]
[ 920.626583] ? do_complete+0x18d/0x220 [rdma_rxe]
[ 920.626812] ? rxe_completer+0x1a3/0xcc0 [rdma_rxe]
[ 920.627050] rxe_do_task+0x80/0x110 [rdma_rxe]
[ 920.627285] tasklet_action_common.constprop.0+0xa4/0x120
[ 920.627522] handle_softirqs+0xc2/0x250
[ 920.627728] ? sort_range+0x20/0x20
[ 920.627942] run_ksoftirqd+0x1f/0x30
[ 920.628158] smpboot_thread_fn+0xc7/0x1b0
[ 920.628334] kthread+0xd6/0x100
[ 920.628504] ? kthread_complete_and_exit+0x20/0x20
[ 920.628709] ret_from_fork+0x1f/0x30
[ 920.628892] </TASK>
Analysis
by VulDB Data Team • 12/15/2025
The vulnerability CVE-2024-53229 resides within the Linux kernel's RDMA over Ethernet (rxe) driver, specifically in the handling of queue pair (QP) flush operations during error states. This flaw manifests as a warning message indicating an improper state transition in the work queue elements (WQEs) when a QP enters an error state. The root cause lies in the failure to correctly update the status of WQEs to reflect an error condition, which leads to inconsistent internal state management within the driver's completion handling mechanism. The warning originates from the rxe_completer function located at drivers/infiniband/sw/rxe/rxe_comp.c:756, where an invalid memory access pattern is triggered due to improper state handling during asynchronous completion processing.
The technical nature of this vulnerability stems from a lack of proper error state propagation within the RDMA software driver stack. When a queue pair encounters an error condition, the driver should ensure that all pending work queue elements transition to an error state before any further processing occurs. However, the current implementation fails to perform this critical state update, causing subsequent completion processing to reference invalid or stale data structures. This behavior aligns with CWE-691, which addresses insufficient control flow management and improper state handling in security-critical systems. The error condition leads to a kernel warning that indicates a potential memory access violation, suggesting that the driver's completion engine attempts to access memory locations that are no longer valid or properly initialized.
The operational impact of this vulnerability extends beyond simple warning messages, as it can lead to system instability and potential denial of service conditions within RDMA-enabled environments. When the rxe driver encounters an error state during work queue processing, the failure to properly mark WQEs as errored can cause cascading failures in the completion processing pipeline. This may result in kernel oops, system hangs, or unexpected behavior in applications relying on RDMA communication. The vulnerability affects systems using the rxe software RDMA implementation, particularly those running kernel versions that include the affected driver code. The issue is particularly concerning in high-performance computing environments where RDMA is used for low-latency communication between nodes, as any instability in the software RDMA layer can severely impact cluster performance and reliability.
Mitigation strategies for CVE-2024-53229 focus primarily on applying the kernel patch that correctly implements the error state handling for work queue elements. System administrators should ensure that all affected systems are updated to a kernel version containing the fix, which properly sets the WQE status to error when a QP enters an error state. Additionally, monitoring for kernel warnings related to the rxe driver should be implemented to detect potential occurrences of this issue before they escalate into more serious problems. Organizations using rxe for development or testing purposes should consider implementing additional error handling and recovery mechanisms within their applications to gracefully handle potential driver inconsistencies. This vulnerability also highlights the importance of proper state management in kernel drivers, particularly those handling asynchronous operations, and aligns with ATT&CK technique T1547.006 for kernel-level persistence mechanisms that may be exploited if such state inconsistencies are not properly addressed.
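The monitoring recommended above can be done with a small kernel-log scanner. This is an added example, not code from VulDB or the kernel project: it matches WARN splats raised from a source file under drivers/infiniband/sw/rxe/ and collects the reliable rdma_rxe stack frames that follow. The sample lines are copied from the trace on this page, except the last two, which are constructed to show that an unrelated warning is not reported.

```python
import re

# Header of a WARN splat whose source file belongs to the rxe driver.
WARN_RE = re.compile(
    r"^\[\s*(?P<ts>\d+\.\d+)\]\s+WARNING: CPU: (?P<cpu>\d+) PID: (?P<pid>\d+) at "
    r"(?P<src>drivers/infiniband/sw/rxe/\S+):(?P<line>\d+) "
    r"(?P<func>\w+)\+0x[0-9a-f]+/0x[0-9a-f]+"
)
# Stack frame inside the rdma_rxe module; a leading "? " marks an unreliable frame.
FRAME_RE = re.compile(
    r"^\[\s*\d+\.\d+\]\s+(?P<guess>\? )?(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+ \[rdma_rxe\]"
)
# Start of any other splat, used to stop attributing frames to the previous one.
ANY_SPLAT_RE = re.compile(r"^\[\s*\d+\.\d+\]\s+(WARNING|BUG|Oops)\b")

# Lines from the trace on this page; the last two are constructed for the example.
SAMPLE = """\
[ 920.617269] WARNING: CPU: 1 PID: 21 at drivers/infiniband/sw/rxe/rxe_comp.c:756 rxe_completer+0x989/0xcc0 [rdma_rxe]
[ 920.619658] RIP: 0010:rxe_completer+0x989/0xcc0 [rdma_rxe]
[ 920.624116] ? rxe_completer+0x989/0xcc0 [rdma_rxe]
[ 920.625749] rxe_do_task+0x80/0x110 [rdma_rxe]
[ 920.626037] rxe_requester+0x625/0xde0 [rdma_rxe]
[ 920.626310] ? rxe_cq_post+0xe2/0x180 [rdma_rxe]
[ 920.627050] rxe_do_task+0x80/0x110 [rdma_rxe]
[ 920.627522] handle_softirqs+0xc2/0x250
[ 931.000001] WARNING: CPU: 0 PID: 7 at kernel/example.c:10 example_fn+0x1/0x2
[ 931.000002] rxe_do_task+0x80/0x110 [rdma_rxe]
""".splitlines()

def find_rxe_warnings(lines):
    """Return one record per rxe WARN splat, with its reliable rdma_rxe frames."""
    hits, current = [], None
    for line in lines:
        m = WARN_RE.match(line)
        if m:
            current = {"ts": float(m["ts"]), "cpu": int(m["cpu"]), "pid": int(m["pid"]),
                       "site": f'{m["src"]}:{m["line"]}', "func": m["func"], "frames": []}
            hits.append(current)
            continue
        if ANY_SPLAT_RE.match(line):  # a different splat begins
            current = None
            continue
        f = FRAME_RE.match(line)
        if current is not None and f and not f["guess"]:
            current["frames"].append(f["func"])
    return hits

if __name__ == "__main__":
    print(find_rxe_warnings(SAMPLE))
```

Feed it the lines of a saved kernel log; a hit whose site is rxe_comp.c and whose frames include rxe_requester matches the shape of the warning shown in the summary.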