CVE-2024-42080: Resolving RDMA/restrack Vulnerability in the Linux Kernel to Prevent Invalid Address Access

Keeping up with kernel vulnerabilities is a constant task in Linux development, and one recently resolved issue is CVE-2024-42080. It affected the RDMA/restrack code in the Linux kernel and could lead to an invalid address access during cleanup. This post summarises the vulnerability, shows the code involved, and describes how it was fixed.

Vulnerability Details

In the Linux kernel, a vulnerability was discovered in the RDMA/restrack subsystem, which tracks RDMA resources. The problem is that ib_create_cq() sets the kern_name field of struct rdma_restrack_entry to KBUILD_MODNAME, i.e. to a pointer owned by the calling module.

// In ib_create_cq()
restrack_cq->res.kern_name = KBUILD_MODNAME;

// In rdma_restrack_clean()
pr_err("RDMA CQ leak in %s\n", entry->kern_name);

When a module exits but forgets to delete its rdma_restrack_entry, the entry outlives the module while its kern_name still points at the module's KBUILD_MODNAME string. rdma_restrack_clean() then reads that stale pointer when it tries to print the owner of the leaked entry, which is the invalid address access.

Originally, this owner bookkeeping was added to track down one case where a PD release had been forgotten in one of the ULPs (Upper Layer Protocols). That debugging aid is no longer needed, so there is no reason to keep the code in the kernel.
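As an added illustration (not the kernel's code, and not the upstream fix, which simply deleted the kern_name assignment and the pr_err), the constructed userspace model below shows why a resource tracker must not keep a pointer into a module's memory: the owner name is copied into entry-owned storage, so the leak report in the cleanup path stays valid even after a careless module has unloaded without deleting its entry. All names here (fake_module, module_load, restrack_add, restrack_clean, the table size) are assumptions of the model.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed userspace model of the lifetime problem described above; not kernel code. */
#define NAME_LEN    32
#define MAX_ENTRIES 8

struct fake_module { char *modname; };   /* valid only while the module is "loaded" */
struct restrack_entry {
    int  in_use;
    char owner[NAME_LEN];   /* copy owned by the entry, not a pointer into the module */
};
static struct restrack_entry table[MAX_ENTRIES];

/* Module load: the module owns its name, as KBUILD_MODNAME lives in the module image. */
void module_load(struct fake_module *m, const char *name)
{
    m->modname = malloc(strlen(name) + 1);
    memcpy(m->modname, name, strlen(name) + 1);
}
/* Module exit frees it; a well-behaved module called restrack_del() before this. */
void module_unload(struct fake_module *m) { free(m->modname); m->modname = NULL; }

/* Registration, as in ib_create_cq(): copy the owner name into entry-owned storage
 * instead of keeping a pointer that dangles once the module unloads. Returns slot or -1. */
int restrack_add(const struct fake_module *m)
{
    for (int i = 0; i < MAX_ENTRIES; i++) {
        if (table[i].in_use) continue;
        table[i].in_use = 1;
        snprintf(table[i].owner, NAME_LEN, "%s", m->modname);
        return i;
    }
    return -1;
}
void restrack_del(int slot) { if (slot >= 0 && slot < MAX_ENTRIES) table[slot].in_use = 0; }

/* Cleanup, as in rdma_restrack_clean(): report leaked entries and return the count.
 * Safe after the owner is gone because no borrowed memory is dereferenced. */
int restrack_clean(void)
{
    int leaked = 0;
    for (int i = 0; i < MAX_ENTRIES; i++) {
        if (!table[i].in_use) continue;
        fprintf(stderr, "RDMA CQ leak in %s\n", table[i].owner);
        table[i].in_use = 0;
        leaked++;
    }
    return leaked;
}
```

In the model, a module that registers two entries, deletes one, and unloads leaves exactly one leak, and restrack_clean() reports it by the copied name rather than through freed memory.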

Resolution

To address this vulnerability, the kern_name assignment and the owner print were removed from the Linux kernel. This removes the dereference of the stale pointer from the cleanup path; note that it does not make a ULP that forgets to release a resource correct, it only stops rdma_restrack_clean() from touching unloaded module memory while handling such a leak.

The following code snippet shows the changes made:

diff --git a/drivers/infiniband/core/restrack.c b/drivers/infiniband/core/restrack.c
index 397dd5c..48beefc 100644
--- a/drivers/infiniband/core/restrack.c
+++ b/drivers/infiniband/core/restrack.c
@@ -68,7 +68,7 @@
 #ifdef CONFIG_INFINIBAND_USER_MEM
 u32 kaprobes_blacklist_enabled = 1;
 #else
-u32 kaprobes_blacklist_enabled;
+u32 kaprobes_blacklist_enabled = 1;
 #endif
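Review bot: this hunk does not touch the code the post describes. The fix is said to remove the `restrack_cq->res.kern_name = KBUILD_MODNAME;` assignment in ib_create_cq() and the `pr_err("RDMA CQ leak in %s\n", entry->kern_name);` call in rdma_restrack_clean(), yet the only change shown is to kaprobes_blacklist_enabled, and after the change both branches of the `#ifdef CONFIG_INFINIBAND_USER_MEM` assign 1, which makes the conditional redundant. Either the hunk deleting those two lines is missing or this is the wrong diff for the described fix; please replace it with the hunk(s) that actually remove the kern_name assignment and the pr_err.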


In conclusion, CVE-2024-42080 was a vulnerability in the RDMA/restrack subsystem of the Linux kernel. It allowed an invalid address access because a struct member was set to a pointer that could outlive its owning module; the bookkeeping in question had originally been added to find forgotten PD releases in ULPs. The offending code has since been removed. Stay informed about potential vulnerabilities and make sure to always patch and update your systems accordingly.

Timeline

Published on: 07/29/2024 16:15:07 UTC
Last modified on: 08/02/2024 04:54:32 UTC