Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's RDMA mlx4 component allows shift wrapping when the user-controlled send queue size parameter is processed. Because the send queue size supplied from user space is improperly validated, the issue could lead to undefined behavior. The vulnerability is present in several versions of the Linux kernel.
The vulnerability could cause undefined behavior by allowing user-controlled input to wrap around, potentially leading to memory corruption or other unintended consequences.
The vulnerability can be reproduced by setting the 'log_sq_bb_count' parameter to a value that wraps around during processing. Exceeding the maximum value that can be represented triggers the shift wrapping issue.
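The following added example (not the kernel's code or its patch) shows why a size check that shifts first and compares afterwards can accept an out-of-range exponent, next to an overflow-aware check that rejects it. The names `weak_check`, `hardened_check`, `MAX_WQES`, the limit value and the 8-bit width of `log_sq_bb_count` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_WQES 16384u /* constructed limit standing in for the device's maximum */

/* Shifting a 32-bit value by 32 or more is undefined in C. To stay well
 * defined, this helper masks the count to 5 bits, which models one common
 * hardware outcome of the wrapped shift (assumption, not guaranteed). */
static uint32_t wrapped_shift(uint8_t log_count)
{
    return 1u << (log_count & 31);
}

/* Weak pattern: compute the size, then compare. A wrapped result looks small. */
int weak_check(uint8_t log_sq_bb_count)
{
    if (wrapped_shift(log_sq_bb_count) > MAX_WQES)
        return -EINVAL;
    return 0; /* accepted */
}

/* Overflow-aware shift: reports failure when 1 << log_count does not fit. */
static bool shl_overflows(uint8_t log_count, uint32_t *out)
{
    if (log_count >= 32)
        return true;
    *out = 1u << log_count;
    return false;
}

/* Hardened pattern: reject the exponent before the result is ever used. */
int hardened_check(uint8_t log_sq_bb_count)
{
    uint32_t cnt;

    if (shl_overflows(log_sq_bb_count, &cnt) || cnt > MAX_WQES)
        return -EINVAL;
    return 0;
}

int main(void)
{
    const uint8_t samples[] = { 10, 14, 20, 32, 40 }; /* constructed inputs */

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("log=%u weak=%d hardened=%d\n", (unsigned)samples[i],
               weak_check(samples[i]), hardened_check(samples[i]));
    return 0;
}
```

Exponents below 32 are treated identically by both checks; they differ only for values whose shift cannot be represented in 32 bits.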
Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for updating the kernel can be found in the official Linux kernel documentation.