CVE-2024-36476

Advisory lineage Upstream: 0 Downstream: 39

Downstream

DEBIAN-CVE-2024-36476 DLA-4075-1 DLA-4076-1 MGASA-2025-0030 MGASA-2025-0032 SUSE-SU-2025:0289-1

Modified

Published: 15 Jan 2025, 13:10

Last modified:11 May 2026, 20:16

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (cve.org)

EPSS Score

<0.01% LOW

0% probability -0.04%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

15 Jan 2025, 13:10

Published

Vulnerability first disclosed

11 May 2026, 20:16

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ib_sge list' is accessible Move the declaration of the 'ib_sge list' variable outside the 'always_invalidate' block to ensure it remains accessible for use throughout the function. Previously, 'ib_sge list' was declared within the 'always_invalidate' block, limiting its accessibility, then caused a 'BUG: kernel NULL pointer dereference'[1]. ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2d0 ? search_module_extables+0x19/0x60 ? search_bpf_extables+0x5f/0x80 ? exc_page_fault+0x7e/0x180 ? asm_exc_page_fault+0x26/0x30 ? memcpy_orig+0xd5/0x140 rxe_mr_copy+0x1c3/0x200 [rdma_rxe] ? rxe_pool_get_index+0x4b/0x80 [rdma_rxe] copy_data+0xa5/0x230 [rdma_rxe] rxe_requester+0xd9b/0xf70 [rdma_rxe] ? finish_task_switch.isra.0+0x99/0x2e0 rxe_sender+0x13/0x40 [rdma_rxe] do_task+0x68/0x1e0 [rdma_rxe] process_one_work+0x177/0x330 worker_thread+0x252/0x390 ? __pfx_worker_thread+0x10/0x10 This change ensures the variable is available for subsequent operations that require it. [1] https://lore.kernel.org/linux-rdma/6a1f3e8f-deb0-49f9-bc69-a9b03ecfcda7@fujitsu.com/

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 1%

Techniques & Countermeasures

CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

linux•linux
≥ 9cb837480424e78ed585376f944088246685aec3, < 7eaa71f56a6f7ab87957213472dc6d4055862722 | ≥ 9cb837480424e78ed585376f944088246685aec3, < 143378075904e78b3b2a810099bcc3b3d82d762f | ≥ 9cb837480424e78ed585376f944088246685aec3, < 32e1e748a85bd52b20b3857d80fd166d22fa455a | ≥ 9cb837480424e78ed585376f944088246685aec3, < b238f61cc394d5fef27b26d7d9aa383ebfddabb0 | ≥ 9cb837480424e78ed585376f944088246685aec3, < 6ffb5c1885195ae5211a12b4acd2d51843ca41b0 | ≥ 9cb837480424e78ed585376f944088246685aec3, < fb514b31395946022f13a08e06a435f53cf9e8b3 | 5.8
linux•linux_kernel
≥ 5.8, < 5.10.233 | ≥ 5.11, < 5.15.176 | ≥ 5.16, < 6.1.124 | ≥ 6.2, < 6.6.70 | ≥ 6.7, < 6.12.9 | 6.13:rc1 | 6.13:rc2 | 6.13:rc3 | 6.13:rc4 | 6.13:rc5