Md Haris Iqbal

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58 Description: The issue concerns a null pointer dereference during RDMA/rtrs-srv path establishment. In this process, the RTRS client initiates and completes a number of connections, and after all connections are established, information is exchanged between the client and server through the `info req` message. It is crucial that all connections are established and the state of the RTRS srv path is `CONNECTED` during this exchange. To address this, sanity checks have been added to detect and abort the process in error scenarios, thus avoiding the null pointer dereference. Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider adding sanity checks to ensure all connections are established before exchanging information through the `info req` message. Restrict access to the RDMA/rtrs-srv module to minimize the risk of exploitation until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.58 **Description** A vulnerability has been resolved in the Linux kernel, specifically in the RDMA/rtrs-clt component. The issue occurs in the `init conns()` function, where out-of-bounds memory is accessed due to the `cid` being set to `clt path->s.con num`. This is fixed by resetting the `cid` to `clt path->s.con num - 1` to stay within bounds during the cleanup loop. **Recommendations** For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider restricting access to the `init conns()` function until a patch is available. Additionally, avoid using the `cid` variable in the affected `init conns()` function until the issue is resolved.