Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's RDMA (Remote Direct Memory Access) component has been addressed. The kernel's handling of the netlink response for the RDMA_NL_LS_OP_IP_RESOLVE operation did not verify that the LS_NLA_TYPE_DGID attribute was present. A userspace responder that omitted the DGID the kernel had asked for could therefore cause the kernel to read an uninitialized value from the stack. The fix corrects the attribute parsing and validation so that the operation proceeds only when the required data is present.
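The defect class the advisory describes is a parser that treats "attributes parsed cleanly" as "the required attribute is present". The following is an added example, not kernel code and not the actual fix: a small user-space model of netlink-style attribute (TLV) parsing, with the vulnerable accept-on-clean-parse check placed beside a hardened check that also requires the DGID attribute to be present and of the expected length. The attribute type numbers, the function names (is_good_ip_resp_old, is_good_ip_resp_fixed, parse_attrs, put_attr, build_sample_resp) and the sample messages are all constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Attribute type numbers modelled on the RDMA LS netlink attributes the
 * advisory names; the numeric values are constructed for this example. */
enum { LS_NLA_TYPE_DGID = 1, LS_NLA_TYPE_SGID = 2, LS_NLA_TYPE_MAX = 3 };
#define GID_LEN 16
#define NLA_HDRLEN 4u      /* uint16 len (header included) + uint16 type */
#define NLA_ALIGN(n) (((n) + 3u) & ~3u)

/* One parsed attribute: payload location and whether it was seen at all. */
struct attr_ref { const uint8_t *data; size_t len; bool present; };

/* Walk netlink-style TLVs and index them by type. Unknown types are skipped,
 * as nla_parse() does; a truncated attribute fails the whole parse. */
static int parse_attrs(const uint8_t *buf, size_t len,
		       struct attr_ref tb[LS_NLA_TYPE_MAX])
{
	size_t off = 0;
	uint16_t alen, atype;
	memset(tb, 0, sizeof(*tb) * LS_NLA_TYPE_MAX);
	while (off + NLA_HDRLEN <= len) {
		memcpy(&alen, buf + off, 2);     /* memcpy: buf may be unaligned */
		memcpy(&atype, buf + off + 2, 2);
		if (alen < NLA_HDRLEN || off + alen > len)
			return -1;
		if (atype < LS_NLA_TYPE_MAX) {
			tb[atype].data = buf + off + NLA_HDRLEN;
			tb[atype].len = alen - NLA_HDRLEN;
			tb[atype].present = true;
		}
		off += NLA_ALIGN(alen);
	}
	return 0;
}

/* Vulnerable pattern: a clean parse is accepted even when DGID is absent, so
 * gid_out is never written and the caller uses whatever the stack held. */
static bool is_good_ip_resp_old(const uint8_t *msg, size_t len,
				uint8_t gid_out[GID_LEN])
{
	struct attr_ref tb[LS_NLA_TYPE_MAX];
	if (parse_attrs(msg, len, tb) != 0)
		return false;
	if (tb[LS_NLA_TYPE_DGID].present && tb[LS_NLA_TYPE_DGID].len == GID_LEN)
		memcpy(gid_out, tb[LS_NLA_TYPE_DGID].data, GID_LEN);
	return true;	/* accepted regardless of whether gid_out was filled */
}

/* Hardened pattern: accept only when the required attribute is present and
 * has the expected length, so gid_out is always initialised on success. */
static bool is_good_ip_resp_fixed(const uint8_t *msg, size_t len,
				  uint8_t gid_out[GID_LEN])
{
	struct attr_ref tb[LS_NLA_TYPE_MAX];
	if (parse_attrs(msg, len, tb) != 0)
		return false;
	if (!tb[LS_NLA_TYPE_DGID].present || tb[LS_NLA_TYPE_DGID].len != GID_LEN)
		return false;
	memcpy(gid_out, tb[LS_NLA_TYPE_DGID].data, GID_LEN);
	return true;
}

/* Append one attribute (header, payload, padding) for the constructed samples;
 * returns the new write offset, or 0 if it does not fit. */
static size_t put_attr(uint8_t *buf, size_t cap, size_t off, uint16_t type,
		       const void *data, uint16_t dlen)
{
	uint16_t alen = NLA_HDRLEN + dlen;
	size_t total = NLA_ALIGN(alen);
	if (off + total > cap)
		return 0;
	memset(buf + off, 0, total);
	memcpy(buf + off, &alen, 2);
	memcpy(buf + off + 2, &type, 2);
	memcpy(buf + off + NLA_HDRLEN, data, dlen);
	return off + total;
}

/* Constructed sample response: always carries an SGID, carries a DGID only
 * when asked to. Returns the message length. */
static size_t build_sample_resp(uint8_t *buf, size_t cap, bool with_dgid)
{
	static const uint8_t sgid[GID_LEN] = { 0xfe, 0x80, [15] = 0x01 };
	static const uint8_t dgid[GID_LEN] = { 0xfe, 0x80, [15] = 0x0f };
	size_t off = put_attr(buf, cap, 0, LS_NLA_TYPE_SGID, sgid, GID_LEN);
	if (off && with_dgid)
		off = put_attr(buf, cap, off, LS_NLA_TYPE_DGID, dgid, GID_LEN);
	return off;
}

int main(void)
{
	uint8_t msg[64], gid[GID_LEN] = { 0 };
	size_t n = build_sample_resp(msg, sizeof msg, false);
	printf("DGID missing: old=%d fixed=%d\n", is_good_ip_resp_old(msg, n, gid),
	       is_good_ip_resp_fixed(msg, n, gid));
	n = build_sample_resp(msg, sizeof msg, true);
	printf("DGID present: fixed=%d\n", is_good_ip_resp_fixed(msg, n, gid));
	return 0;
}
```

The point the hardened version makes is that a parse routine only reports that the attributes it saw were well-formed; whether a specific attribute was seen at all, and whether its payload has the size the caller is about to copy, are separate checks that every consumer of an optional-by-default attribute table has to make before touching the output buffer.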
Exploitation of this vulnerability could cause a read of uninitialized memory from the stack, which may lead to information disclosure or unpredictable behavior in the kernel.
To reproduce this vulnerability, initiate a netlink message with the RDMA_NL_LS_OP_IP_RESOLVE operation without including the LS_NLA_TYPE_DGID attribute. This can be done by sending a netlink message from userspace that omits the required DGID information. The kernel will then process the message, leading to an uninitialized read from the stack.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.