Linux Kernel RDMA/core ib Block Iterator Counter Overflow Vulnerability

A vulnerability in the Linux kernel's RDMA/core component has been addressed, concerning a counter overflow in the ib block iterator. This issue arises when registering a new DMA memory region after selecting the optimal alignment for the page size. The process involves iterating over the scatter-gather list to divide each entry into smaller, aligned DMA blocks. In certain scenarios where the scatter-gather entry and page size align in specific ways, an unaligned entry can require covering a total size of aligned pages of 4GB or more. This misalignment can cause the counter, which tracks progress through the scatter-gather entry, to overflow, leading to an infinite loop in the iterator function. The vulnerability has been fixed by modifying the advancement condition to prevent the counter from exceeding the entry size.

Impact

The vulnerability could cause an infinite loop in the ib block iterator, disrupting normal operations and potentially leading to a denial-of-service condition.