CVE-2023-52744: RDMA/irdma: Fix potential NULL-ptr-dereference

Description

In the Linux kernel, the following vulnerability has been resolved:

RDMA/irdma: Fix potential NULL-ptr-dereference

in_dev_get() can return NULL which will cause a failure once idev is
dereferenced in in_dev_for_each_ifa_rtnl(). This patch adds a
check for NULL value in idev beforehand.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Classification

CVE ID: CVE-2023-52744

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.06% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://git.kernel.org/stable/c/8f5fe1cd8e6a97f94840b55f59ed08cbc397086f
https://git.kernel.org/stable/c/360682fe7df262d94fae54f737c487bec0f9190d
https://git.kernel.org/stable/c/5d9745cead1f121974322b94ceadfb4d1e67960e

Timeline

2024-12-20 00:31:49 UTC
CVE

RDMA/irdma: Fix potential NULL-ptr-dereference