Vigil@nce - Linux kernel: denial of service via cma_req_handler
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send an InfiniBand RDMA packet, in order to
generate an error in the cma_req_handler() function of the Linux
kernel, in order to trigger a denial of service.
Impacted products: Linux
Severity: 2/4
Creation date: 08/04/2014
DESCRIPTION OF THE VULNERABILITY
The InfiniBand technology is used to transmit data efficiently,
using for example RDMA (Remote Direct Memory Access).
The RoCE (RDMA over Converged Ethernet) protocol is also used to
remotely access to the memory.
However, when both are enabled on the Linux kernel, the code
managing RDMA is redundant in the cma_req_handler() InfiniBand
function.
An attacker can therefore send an InfiniBand RDMA packet, in order
to generate an error in the cma_req_handler() function of the
Linux kernel, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-cma-req-handler-14551