Linux Kernel RDMA/rxe NULL Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's RDMA/rxe component can lead to a kernel NULL pointer dereference. This issue occurs when the function 'rxe_qp_init_req' fails to initialize certain task parameters, causing the creation of a queue pair (qp) to fail. Consequently, the 'rxe_create_qp' function attempts to clean up allocated resources without properly checking if the task parameters are set, leading to a NULL pointer dereference.

Impact

Exploitation of this vulnerability causes a kernel NULL pointer dereference, which can lead to a system crash or instability.

Reproduction

The vulnerability can be reproduced by creating a queue pair using the RDMA/rxe component. If the initialization process fails, the task parameters 'func' and 'arg' will not be set. When the 'rxe_create_qp' function calls 'rxe_qp_do_cleanup' to free resources, it will inadvertently dereference a NULL pointer, causing a crash.
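
The failure path described above, modeled in user-space C as an added example (not the kernel's code or the upstream patch). The struct and function names are hypothetical, and the check in the cleanup routine is one way to guard a partially initialized object.

```c
/* Hypothetical user-space model of the pattern, not the kernel's rxe code. */
struct task {
    int (*func)(void *arg); /* stays NULL when init fails before setup */
    void *arg;
};
struct qp {
    struct task req_task;
    int runs; /* times the task body executed */
};

static int req_task_body(void *arg)
{
    return ++((struct qp *)arg)->runs;
}

/* Init step that can fail before func/arg are assigned. */
int qp_init_req(struct qp *qp, int fail_early)
{
    if (fail_early)
        return -1;
    qp->req_task.func = req_task_body;
    qp->req_task.arg = qp;
    return 0;
}

/* Skips the task when init never set func; without this check: NULL call. */
int qp_do_cleanup(struct qp *qp)
{
    if (!qp->req_task.func)
        return 0;
    qp->req_task.func(qp->req_task.arg);
    return 1;
}

/* Create path: a failed init is followed by cleanup of the partial object. */
int create_qp(struct qp *qp, int fail_early)
{
    *qp = (struct qp){ .runs = 0 }; /* zero-initializes func and arg too */
    if (qp_init_req(qp, fail_early) == 0)
        return 0;
    qp_do_cleanup(qp); /* safe although func is still NULL */
    return -1;
}

int main(void)
{
    struct qp q;
    return (create_qp(&q, 1) == -1 && q.runs == 0) ? 0 : 1;
}
```

Removing the check in `qp_do_cleanup` turns the failing create path into a call through a NULL function pointer, which is the crash class the advisory describes.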

Remediation

Users can upgrade to the patched version of the Linux kernel available in the official Linux Git repository.

Added: Dec 9, 2025, 4:58 PM
Updated: Dec 9, 2025, 4:58 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.