Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's RDMA/mana component allows userspace to overwrite kernel memory. This issue arises because the 'rx_hash_key_len' value, sourced from a userspace API structure, is passed to 'memcpy' without proper validation. As a result, it could lead to a buffer overflow. The vulnerability affects several versions of the Linux kernel.
Exploitation of this vulnerability can cause memory corruption in the kernel, potentially leading to arbitrary code execution or a system crash.
The vulnerability can be reproduced by sending a crafted request through the RDMA/mana interface that includes an 'rx_hash_key_len' value larger than the allocated hashkey size. This can be done by manipulating the userspace API structure that interfaces with the RDMA/mana driver.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.
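The missing check described above, shown as a userspace model in C. This is an added example, not the kernel's or the driver's own code: the struct layouts, the function names, and the 40-byte `HASH_KEY_SIZE` are assumptions made for illustration; only `rx_hash_key_len`, `memcpy` and the hashkey buffer come from the description.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HASH_KEY_SIZE 40            /* assumed size of the fixed hashkey buffer */

/* Hypothetical stand-in for the request structure filled in by userspace. */
struct rss_request {
    uint32_t rx_hash_key_len;       /* caller-controlled length */
    uint8_t  rx_hash_key[64];       /* caller-controlled bytes */
};

/* Hypothetical stand-in for the destination; 'adjacent' models neighbouring memory. */
struct steering_cfg {
    uint8_t hashkey[HASH_KEY_SIZE];
    uint8_t adjacent[8];
};

/* Unchecked pattern: memcpy(cfg->hashkey, req->rx_hash_key, req->rx_hash_key_len);
 * Hardened form: reject any length larger than the destination before copying. */
int copy_hash_key(struct steering_cfg *cfg, const struct rss_request *req)
{
    if (req->rx_hash_key_len > sizeof(cfg->hashkey))
        return -EINVAL;
    memcpy(cfg->hashkey, req->rx_hash_key, req->rx_hash_key_len);
    return 0;
}

/* Runs one constructed request; returns the copy result, or 1 if 'adjacent' changed. */
int try_len(uint32_t len)
{
    struct rss_request req = { .rx_hash_key_len = len };
    struct steering_cfg cfg;

    memset(req.rx_hash_key, 0xAA, sizeof(req.rx_hash_key));
    memset(&cfg, 0, sizeof(cfg));
    int rc = copy_hash_key(&cfg, &req);
    for (size_t i = 0; i < sizeof(cfg.adjacent); i++)
        if (cfg.adjacent[i] != 0)
            return 1;
    return rc;
}

int main(void)
{
    printf("len=40 -> %d, len=41 -> %d\n", try_len(40), try_len(41));
    return 0;
}
```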