Executive Summary

Informations
Name CVE-2024-36476 First vendor Publication 2025-01-15
Vendor Cve Last vendor Modification 2025-01-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

RDMA/rtrs: Ensure 'ib_sge list' is accessible

Move the declaration of the 'ib_sge list' variable outside the 'always_invalidate' block to ensure it remains accessible for use throughout the function.

Previously, 'ib_sge list' was declared within the 'always_invalidate' block, limiting its accessibility, then caused a 'BUG: kernel NULL pointer dereference'[1].
? __die_body.cold+0x19/0x27
? page_fault_oops+0x15a/0x2d0
? search_module_extables+0x19/0x60
? search_bpf_extables+0x5f/0x80
? exc_page_fault+0x7e/0x180
? asm_exc_page_fault+0x26/0x30
? memcpy_orig+0xd5/0x140
rxe_mr_copy+0x1c3/0x200 [rdma_rxe]
? rxe_pool_get_index+0x4b/0x80 [rdma_rxe]
copy_data+0xa5/0x230 [rdma_rxe]
rxe_requester+0xd9b/0xf70 [rdma_rxe]
? finish_task_switch.isra.0+0x99/0x2e0
rxe_sender+0x13/0x40 [rdma_rxe]
do_task+0x68/0x1e0 [rdma_rxe]
process_one_work+0x177/0x330
worker_thread+0x252/0x390
? __pfx_worker_thread+0x10/0x10

This change ensures the variable is available for subsequent operations that require it.

[1] https://lore.kernel.org/linux-rdma/6a1f3e8f-deb0-49f9-bc69-a9b03ecfcda7@fujitsu.com/

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36476

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-476 NULL Pointer Dereference

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 9
Os 3739

Sources (Detail)

https://git.kernel.org/stable/c/143378075904e78b3b2a810099bcc3b3d82d762f
https://git.kernel.org/stable/c/32e1e748a85bd52b20b3857d80fd166d22fa455a
https://git.kernel.org/stable/c/6ffb5c1885195ae5211a12b4acd2d51843ca41b0
https://git.kernel.org/stable/c/7eaa71f56a6f7ab87957213472dc6d4055862722
https://git.kernel.org/stable/c/b238f61cc394d5fef27b26d7d9aa383ebfddabb0
https://git.kernel.org/stable/c/fb514b31395946022f13a08e06a435f53cf9e8b3
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Date Informations
2025-07-14 12:32:49
  • Multiple Updates
2025-06-26 02:31:36
  • Multiple Updates
2025-06-25 12:31:13
  • Multiple Updates
2025-06-24 02:36:15
  • Multiple Updates
2025-05-27 02:39:52
  • Multiple Updates
2025-03-29 03:37:00
  • Multiple Updates
2025-03-28 13:42:32
  • Multiple Updates
2025-03-28 03:15:47
  • Multiple Updates
2025-03-25 03:24:18
  • Multiple Updates
2025-03-19 03:11:15
  • Multiple Updates
2025-03-18 03:24:06
  • Multiple Updates
2025-03-14 03:11:30
  • Multiple Updates
2025-03-06 14:07:54
  • Multiple Updates
2025-02-22 03:21:19
  • Multiple Updates
2025-01-21 21:20:43
  • Multiple Updates
2025-01-15 17:20:30
  • First insertion