CVE-2024-35902: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

net/rds: fix possible cp null dereference

cp might be null, calling cp->cp_conn would produce null dereference

[Simon Horman adds:]

Analysis:

* cp is a parameter of __rds_rdma_map and is not reassigned.

* The following call-sites pass a NULL cp argument to __rds_rdma_map()

  - rds_get_mr()
  - rds_get_mr_for_dest

* Prior to the code above, the following assumes that cp may be NULL
  (which is indicative, but could itself be unnecessary)

	trans_private = rs->rs_transport->get_mr(
		sg, nents, rs, &mr->r_key, cp ? cp->cp_conn : NULL,
		args->vec.addr, args->vec.bytes,
		need_odp ? ODP_ZEROBASED : ODP_NOT_NEEDED);

* The code modified by this patch is guarded by IS_ERR(trans_private),
  where trans_private is assigned as per the previous point in this analysis.

  The only implementation of get_mr that I could locate is rds_ib_get_mr()
  which can return an ERR_PTR if the conn (4th) argument is NULL.

* ret is set to PTR_ERR(trans_private).
  rds_ib_get_mr can return ERR_PTR(-ENODEV) if the conn (4th) argument is NULL.
  Thus ret may be -ENODEV in which case the code in question will execute.

Conclusion:

* cp may be NULL at the point where this patch adds a check;
  this patch does seem to address a possible bug
AI Analysis
Technical Summary
CVE-2024-35902 is a vulnerability in the Linux kernel's Reliable Datagram Sockets (RDS) subsystem, specifically in its Remote Direct Memory Access (RDMA) mapping code. It is a potential null pointer dereference of the 'cp' parameter of __rds_rdma_map(). 'cp', which represents a connection pointer, can be NULL when the function is called from rds_get_mr() or rds_get_mr_for_dest(). Before the patch, the call to get_mr() already allowed for a NULL 'cp' (it passes cp ? cp->cp_conn : NULL), but the error handling that follows did not. get_mr() (specifically rds_ib_get_mr()) can return an error pointer when the connection argument is NULL, and in that case the code guarded by IS_ERR(trans_private) went on to dereference cp->cp_conn, which could crash the kernel or cause undefined behavior. The patch adds a check that 'cp' is not NULL before it is dereferenced.

This is essentially a robustness issue in the kernel's RDS RDMA code path. If triggered, it could lead to a denial of service (DoS), since a null dereference in kernel space typically results in a kernel panic or crash. There is no indication that it allows privilege escalation or remote code execution, and no known exploits are currently reported in the wild. The affected Linux kernel versions include several commits identified by their hashes, indicating the vulnerability is present in recent kernel versions prior to the patch. The vulnerability is primarily a stability and availability concern for Linux systems using RDS over RDMA, which is commonly used in high-performance computing and data center environments.
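The pattern described above, reduced to a user-space C model: the unguarded error path next to the guarded one. This is an added example, not the kernel's code or the patch itself. The structs, the `model_*` helpers, the `up` flag and the retry action are assumptions for illustration; only the ERR_PTR/IS_ERR/PTR_ERR idiom, -ENODEV and the `cp ? cp->cp_conn : NULL` expression come from the description.

```c
/* User-space model of the error path behind CVE-2024-35902 (constructed). */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_ERRNO 4095   /* errno values are encoded in the top of the pointer range */
static inline void *ERR_PTR(long err) { return (void *)err; }
static inline long PTR_ERR(const void *p) { return (long)p; }
static inline int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct conn { int up; int retries; };        /* stand-in for the connection */
struct conn_path { struct conn *cp_conn; };  /* stand-in for the cp argument */
static int mr_cookie;                        /* dummy transport-private object */

/* Stand-in for get_mr(): -ENODEV when conn is NULL (or, in this model, down). */
static void *model_get_mr(struct conn *conn) {
    return (conn && conn->up) ? (void *)&mr_cookie : ERR_PTR(-ENODEV);
}
/* Hypothetical error-path action that needs the connection. */
static void model_retry(struct conn *conn) { conn->retries++; }

/* Before: the call guards cp, the error path does not. */
static long map_unguarded(struct conn_path *cp) {
    void *trans_private = model_get_mr(cp ? cp->cp_conn : NULL);
    if (IS_ERR(trans_private)) {
        long ret = PTR_ERR(trans_private);
        if (ret == -ENODEV)
            model_retry(cp->cp_conn);        /* NULL dereference when cp is NULL */
        return ret;
    }
    return 0;
}
/* After: cp is checked before cp->cp_conn is read on the error path. */
static long map_guarded(struct conn_path *cp) {
    void *trans_private = model_get_mr(cp ? cp->cp_conn : NULL);
    if (IS_ERR(trans_private)) {
        long ret = PTR_ERR(trans_private);
        if (ret == -ENODEV && cp)
            model_retry(cp->cp_conn);
        return ret;
    }
    return 0;
}

int main(void) {
    struct conn c = { 0, 0 };
    struct conn_path cp = { &c };
    map_unguarded(&cp);                      /* safe only because cp is non-NULL */
    return map_guarded(NULL) == -ENODEV ? 0 : 1;
}
```

Both variants return the same error code to the caller; the guard only changes whether the -ENODEV branch touches `cp`.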
Potential Impact
For European organizations, the primary impact of CVE-2024-35902 is the potential for denial of service due to kernel crashes triggered by null pointer dereferences in the Linux kernel's RDS RDMA subsystem. Organizations relying on Linux servers with RDS over RDMA enabled—such as those in cloud service providers, research institutions, financial services, and telecommunications—may experience service interruptions or system instability if the vulnerability is triggered. While this vulnerability does not appear to allow unauthorized access or data compromise, the resulting downtime could disrupt critical services, especially in environments requiring high availability and low latency. Given the use of RDMA in high-performance computing clusters and data centers, affected systems could see degraded performance or outages, impacting business operations and service delivery. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or malicious triggering of the bug. European organizations with Linux-based infrastructure should prioritize patching to maintain system stability and avoid potential operational disruptions.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address CVE-2024-35902 as soon as they become available from trusted sources or Linux distribution vendors.
2. For organizations using custom or upstream kernels, monitor kernel mailing lists and repositories for the patch and integrate it promptly into their build pipelines.
3. Disable RDS over RDMA functionality if it is not required in the environment to reduce the attack surface.
4. Implement robust monitoring of kernel logs and system stability metrics to detect early signs of null pointer dereference crashes or related kernel panics.
5. In virtualized or containerized environments, isolate critical workloads to minimize the impact of potential kernel crashes.
6. Conduct thorough testing of kernel updates in staging environments before deployment to production to ensure compatibility and stability.
7. Maintain up-to-date backups and disaster recovery plans to mitigate the impact of unexpected downtime.
8. Educate system administrators about this vulnerability and the importance of timely patching, especially in environments utilizing RDMA technologies.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-17T13:50:33.114Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9821c4522896dcbddca6
Added to database: 5/21/2025, 9:08:49 AM
Last enriched: 6/28/2025, 3:26:09 AM
Last updated: 8/1/2025, 1:26:25 AM