Linux Kernel RDMA/irdma Depth Calculation Integer Overflow Vulnerability

A vulnerability in the Linux kernel's RDMA/irdma component was introduced by improper handling of depth calculations for send queues (SQ), receive queues (RQ), and shared receive queues (SRQ). The issue arises because the operating system can send a value of U32_MAX for the sizes of these queues. This can lead to an integer overflow and a truncation of the depth values, causing the system to incorrectly report a successful operation when it should have failed. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability could lead to incorrect depth calculations for RDMA/irdma queue management, potentially causing memory management issues or disrupting RDMA operations.

Reproduction

The vulnerability can be reproduced by passing U32_MAX as the size parameter for send queues, receive queues, or shared receive queues in the RDMA/irdma component. This can be done through applications that utilize RDMA services and incorrectly specify queue sizes.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The official Linux kernel Git repository can be used to download the patched version.