{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-35902","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-17T13:50:33.114Z","datePublished":"2024-05-19T08:34:55.692Z","dateUpdated":"2026-05-12T11:52:37.774Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:13:27.880Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: fix possible cp null dereference\n\ncp might be null, calling cp->cp_conn would produce null dereference\n\n[Simon Horman adds:]\n\nAnalysis:\n\n* cp is a parameter of __rds_rdma_map and is not reassigned.\n\n* The following call-sites pass a NULL cp argument to __rds_rdma_map()\n\n  - rds_get_mr()\n  - rds_get_mr_for_dest\n\n* Prior to the code above, the following assumes that cp may be NULL\n  (which is indicative, but could itself be unnecessary)\n\n\ttrans_private = rs->rs_transport->get_mr(\n\t\tsg, nents, rs, &mr->r_key, cp ? cp->cp_conn : NULL,\n\t\targs->vec.addr, args->vec.bytes,\n\t\tneed_odp ? ODP_ZEROBASED : ODP_NOT_NEEDED);\n\n* The code modified by this patch is guarded by IS_ERR(trans_private),\n  where trans_private is assigned as per the previous point in this analysis.\n\n  The only implementation of get_mr that I could locate is rds_ib_get_mr()\n  which can return an ERR_PTR if the conn (4th) argument is NULL.\n\n* ret is set to PTR_ERR(trans_private).\n  rds_ib_get_mr can return ERR_PTR(-ENODEV) if the conn (4th) argument is NULL.\n  Thus ret may be -ENODEV in which case the code in question will execute.\n\nConclusion:\n* cp may be NULL at the point where this patch adds a check;\n  this patch does seem to address a possible bug"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/rds/rdma.c"],"versions":[{"version":"786854141057751bc08eb26f1b02e97c1631c8f4","lessThan":"d275de8ea7be3a453629fddae41d4156762e814c","status":"affected","versionType":"git"},{"version":"997efea2bf3a4adb96c306b9ad6a91442237bf5b","lessThan":"bcd46782e2ec3825d10c1552fcb674d491cc09f9","status":"affected","versionType":"git"},{"version":"9dfc15a10dfd44f8ff7f27488651cb5be6af83c2","lessThan":"cfb786b03b03c5ff38882bee38525eb9987e4d14","status":"affected","versionType":"git"},{"version":"b562ebe21ed9adcf42242797dd6cb75beef12bf0","lessThan":"d49fac38479bfdaec52b3ea274d290c47a294029","status":"affected","versionType":"git"},{"version":"998fd719e6d6468b930ac0c44552ea9ff8b07b80","lessThan":"cbaac2e5488ed54833897264a5ffb2a341a9f196","status":"affected","versionType":"git"},{"version":"2b505d05280739ce31d5708da840f42df827cb85","lessThan":"92309bed3c5fbe2ccd4c45056efd42edbd06162d","status":"affected","versionType":"git"},{"version":"c055fc00c07be1f0df7375ab0036cebd1106ed38","lessThan":"6794090c742008c53b344b35b021d4a3093dc50a","status":"affected","versionType":"git"},{"version":"c055fc00c07be1f0df7375ab0036cebd1106ed38","lessThan":"62fc3357e079a07a22465b9b6ef71bb6ea75ee4b","status":"affected","versionType":"git"},{"version":"907761307469adecb02461a14120e9a1812a5fb1","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/rds/rdma.c"],"versions":[{"version":"6.8","status":"affected"},{"version":"0","lessThan":"6.8","status":"unaffected","versionType":"semver"},{"version":"4.19.312","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.274","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.215","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.154","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.85","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.26","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.8.5","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.310","versionEndExcluding":"4.19.312"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.272","versionEndExcluding":"5.4.274"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.213","versionEndExcluding":"5.10.215"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.152","versionEndExcluding":"5.15.154"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.82","versionEndExcluding":"6.1.85"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.22","versionEndExcluding":"6.6.26"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.8.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/d275de8ea7be3a453629fddae41d4156762e814c"},{"url":"https://git.kernel.org/stable/c/bcd46782e2ec3825d10c1552fcb674d491cc09f9"},{"url":"https://git.kernel.org/stable/c/cfb786b03b03c5ff38882bee38525eb9987e4d14"},{"url":"https://git.kernel.org/stable/c/d49fac38479bfdaec52b3ea274d290c47a294029"},{"url":"https://git.kernel.org/stable/c/cbaac2e5488ed54833897264a5ffb2a341a9f196"},{"url":"https://git.kernel.org/stable/c/92309bed3c5fbe2ccd4c45056efd42edbd06162d"},{"url":"https://git.kernel.org/stable/c/6794090c742008c53b344b35b021d4a3093dc50a"},{"url":"https://git.kernel.org/stable/c/62fc3357e079a07a22465b9b6ef71bb6ea75ee4b"}],"title":"net/rds: fix possible cp null dereference","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-35902","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-05-20T14:09:14.303997Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:34:18.553Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T03:21:48.670Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/d275de8ea7be3a453629fddae41d4156762e814c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/bcd46782e2ec3825d10c1552fcb674d491cc09f9","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/cfb786b03b03c5ff38882bee38525eb9987e4d14","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/d49fac38479bfdaec52b3ea274d290c47a294029","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/cbaac2e5488ed54833897264a5ffb2a341a9f196","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/92309bed3c5fbe2ccd4c45056efd42edbd06162d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6794090c742008c53b344b35b021d4a3093dc50a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/62fc3357e079a07a22465b9b6ef71bb6ea75ee4b","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","tags":["x_transferred"]}]},{"x_adpType":"supplier","providerMetadata":{"orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP","dateUpdated":"2026-05-12T11:52:37.774Z"},"affected":[{"vendor":"Siemens","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html"}]}]},"dataVersion":"5.2"}