SB2024070708 - Resource management error in Linux kernel rds

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2024-27024)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the rds_sendmsg() function in net/rds/send.c, within the __rds_rdma_map() function in net/rds/rdma.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/786854141057751bc08eb26f1b02e97c1631c8f4
• https://git.kernel.org/stable/c/997efea2bf3a4adb96c306b9ad6a91442237bf5b
• https://git.kernel.org/stable/c/9dfc15a10dfd44f8ff7f27488651cb5be6af83c2
• https://git.kernel.org/stable/c/b562ebe21ed9adcf42242797dd6cb75beef12bf0
• https://git.kernel.org/stable/c/998fd719e6d6468b930ac0c44552ea9ff8b07b80
• https://git.kernel.org/stable/c/2b505d05280739ce31d5708da840f42df827cb85
• https://git.kernel.org/stable/c/907761307469adecb02461a14120e9a1812a5fb1
• https://git.kernel.org/stable/c/c055fc00c07be1f0df7375ab0036cebd1106ed38
• https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
• https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.310
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.213
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.152
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.272
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.82
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.22
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.10
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8