
CVE-2024-47749: Vulnerability in Linux Linux

Medium
Published: Mon Oct 21 2024 (10/21/2024, 12:14:15 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

RDMA/cxgb4: Added NULL check for lookup_atid

The lookup_atid() function can return NULL if the ATID is invalid or does not exist in the identifier table, which could lead to dereferencing a null pointer without a check in the `act_establish()` and `act_open_rpl()` functions. Add a NULL check to prevent null pointer dereferencing.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

AI-Powered Analysis

Last updated: 06/28/2025, 20:25:55 UTC

Technical Analysis

CVE-2024-47749 is a vulnerability identified in the Linux kernel specifically within the RDMA (Remote Direct Memory Access) cxgb4 driver component. The issue arises from the lookup_atid() function, which is responsible for retrieving an Active Transport Identifier (ATID) from an identifier table. If an invalid or non-existent ATID is requested, lookup_atid() can return a NULL pointer. The vulnerability occurs because the functions act_establish() and act_open_rpl() do not perform a NULL check on the return value of lookup_atid() before dereferencing it. This leads to a potential NULL pointer dereference, which can cause a kernel crash (denial of service) or potentially lead to undefined behavior in the kernel.

The flaw was discovered by the Linux Verification Center using static analysis tools (SVACE). The fix involves adding a NULL check after lookup_atid() calls to prevent dereferencing a NULL pointer. This vulnerability affects Linux kernel versions identified by the commit hash cfdda9d764362ab77b11a410bb928400e6520d57, indicating it is present in recent kernel builds prior to the patch. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet.

The vulnerability is technical and specific to the RDMA cxgb4 driver, which is used in high-performance networking environments that utilize RDMA over Converged Ethernet (RoCE) with Chelsio T4/T5/T6 network adapters. Exploitation would likely require local access or network conditions that trigger the vulnerable code path, potentially causing a denial of service via kernel panic or system crash.
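The pattern described above, as an added user-space model that is not the kernel's code or the upstream patch: a lookup that returns NULL for an unknown ATID, the unchecked handler shape, and the checked shape. All struct and function names, the sample table, and the `-EINVAL` return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model only: every name below is hypothetical, not kernel code. */
struct endpoint { unsigned int atid; int established; };

struct atid_table {
    unsigned int natids;      /* number of slots in the table */
    struct endpoint **slots;  /* NULL slot: no endpoint holds this ATID */
};

/* Constructed sample table: only ATID 2 has an endpoint. */
static struct endpoint sample_ep = { 2, 0 };
static struct endpoint *sample_slots[4] = { NULL, NULL, &sample_ep, NULL };
static const struct atid_table sample_table = { 4, sample_slots };

/* Returns NULL when the ATID is out of range or its slot is empty. */
struct endpoint *lookup_atid_model(const struct atid_table *t, unsigned int atid)
{
    return atid < t->natids ? t->slots[atid] : NULL;
}

/* Pre-fix shape: the lookup result is used unchecked, so an ATID that is
 * not in the table ends in a NULL dereference. Shown only for contrast. */
int establish_unchecked(const struct atid_table *t, unsigned int atid)
{
    struct endpoint *ep = lookup_atid_model(t, atid);
    ep->established = 1;
    return 0;
}

/* Fixed shape: check first; returning -EINVAL is this model's assumption. */
int establish_checked(const struct atid_table *t, unsigned int atid)
{
    struct endpoint *ep = lookup_atid_model(t, atid);
    if (!ep)
        return -EINVAL;
    ep->established = 1;
    return 0;
}

int main(void)
{
    unsigned int ids[] = { 2, 1, 99 };  /* valid, empty slot, out of range */
    for (size_t i = 0; i < 3; i++)
        printf("atid %u -> %d\n", ids[i], establish_checked(&sample_table, ids[i]));
    return 0;
}
```

Both failure cases (an empty slot and an out-of-range index) reach the handler as the same NULL, which is why a single check on the lookup result covers them.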

Potential Impact

For European organizations, the primary impact of CVE-2024-47749 is the risk of denial of service on Linux systems running vulnerable kernel versions with RDMA cxgb4 drivers enabled. This could disrupt critical services, especially in data centers, HPC clusters, and financial institutions that rely on low-latency, high-throughput networking provided by RDMA technology. While the vulnerability does not appear to allow privilege escalation or remote code execution, the resulting kernel crash could cause downtime, data loss in volatile memory, and operational interruptions. Organizations using Linux servers with Chelsio network adapters in environments such as cloud infrastructure, telecommunications, and research institutions may be particularly affected. Given the lack of known exploits, the immediate risk is moderate, but unpatched systems remain vulnerable to accidental or malicious triggering of the flaw. The impact on confidentiality and integrity is low, but availability impact is medium to high depending on the criticality of affected systems.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions that include the patch for CVE-2024-47749. Specifically, they should ensure that their kernel versions are newer than the commit cfdda9d764362ab77b11a410bb928400e6520d57 or apply vendor-provided patches addressing this issue. Network administrators should audit their environments to identify systems using the cxgb4 driver and RDMA functionality, especially those with Chelsio T4/T5/T6 adapters. If immediate patching is not feasible, disabling RDMA or the cxgb4 driver temporarily can mitigate the risk of exploitation. Additionally, organizations should implement robust monitoring for kernel crashes and system instability that could indicate attempts to trigger this vulnerability. Incorporating kernel crash dump analysis and alerting can help detect exploitation attempts. Finally, restricting access to systems with RDMA capabilities to trusted users and networks reduces the attack surface.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-09-30T16:00:12.961Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9825c4522896dcbe06d8

Added to database: 5/21/2025, 9:08:53 AM

Last enriched: 6/28/2025, 8:25:55 PM

Last updated: 8/8/2025, 4:10:32 AM
