In the Linux kernel, the following vulnerability has been resolved:
RDMA/siw: Fix potential NULL pointer dereference in header processing
If siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(),
qp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data()
dereferences qp->rx_fpdu->more_ddp_segs without checking, which
may lead to a NULL pointer deref. Only check more_ddp_segs when
rx_fpdu is present.
KASAN splat:
[ 101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7]
[ 101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
High
Complete denial of service
CVSS Vector v3.1
References 8
https://git.kernel.org/stable/c/14ab3da122bd18920ad57428f6cf4fade8385142
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/714c99e1dc8f85f446e05be02ba83972e981a817
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/8564dcc12fbb372d984ab45768cae9335777b274
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/87b7a036d2c73d5bb3ae2d47dee23de465db3355
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/ab61841633d10e56a58c1493a262f0d02dba2f5e
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/ab957056192d6bd068b3759cb2077d859cca01f0
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/ce025f7f5d070596194315eb2e4e89d568b8a755
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/ffba40b67663567481fa8a1ed5d2da36897c175d
416baaa9-dc9f-4396-8d5f-8c081fb06d67