PT-2024-32746 · Linux+7 · Linux Kernel+7
Md Haris Iqbal
·
Published
2024-08-28
·
Updated
2026-03-14
·
CVE-2024-47695
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.58
Description
A vulnerability has been resolved in the Linux kernel, specifically in the RDMA/rtrs-clt component. The issue occurs in the
init conns() function, where out-of-bounds memory is accessed due to the cid being set to clt path->s.con num. This is fixed by resetting the cid to clt path->s.con num - 1 to stay within bounds during the cleanup loop.Recommendations
For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider restricting access to the
init conns() function until a patch is available. Additionally, avoid using the cid variable in the affected init conns() function until the issue is resolved.Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu