Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability exists in the Linux kernel's RDMA connection manager (CMA), in the code path that joins multicast groups. In the InfiniBand core CMA driver, the 'qkey' field is read without having been initialized. The vulnerability affects the user datagram (UD) queue pair type in multicast operations, particularly when using the Reliable Datagram Sockets (RDS) over InfiniBand protocol.
Exploitation of this vulnerability can lead to accessing uninitialized memory, which may cause undefined behavior in the application, such as crashes or incorrect data processing.
The vulnerability can be reproduced by joining a multicast group with a user datagram queue pair type without setting the required 'qkey' value. This can be done using the RDMA CM API in a scenario where the InfiniBand core CMA driver is active.
Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.