
Mahmoud Adam

Researcher from Amazon
#45287 of 53,635
5.5 Total CVSS
Vulnerabilities · 1
PT-2024-8312
5.5
2024-03-29
Linux · Linux Kernel · CVE-2024-35902
**Name of the Vulnerable Software and Affected Versions**

Linux kernel (affected versions not specified)

**Description**

The vulnerability is related to a possible null dereference in the net/rds component of the Linux kernel. The issue arises when the `cp` parameter is null, and the code attempts to access `cp->cp_conn`, leading to a null dereference. The vulnerability can be exploited to cause a denial of service. The `cp` parameter is not reassigned and is passed as null by certain call-sites, including `rds_get_mr()` and `rds_get_mr_for_dest()`. The code modified by the patch is guarded by `IS_ERR(trans_private)`, where `trans_private` is assigned based on the `get_mr()` function, which can return an error pointer if the connection argument is null.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.