CVE-2024-50062

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58

Description: The issue concerns a null pointer dereference during RDMA/rtrs-srv path establishment. In this process, the RTRS client initiates and completes a number of connections, and after all connections are established, information is exchanged between the client and server through the info req message. It is crucial that all connections are established and the state of the RTRS srv path is CONNECTED during this exchange. To address this, sanity checks have been added to detect and abort the process in error scenarios, thus avoiding the null pointer dereference.

Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider adding sanity checks to ensure all connections are established before exchanging information through the info req message. Restrict access to the RDMA/rtrs-srv module to minimize the risk of exploitation until the update is applied.