CVE-2024-36476 – This CVE-2024-36476 is a NULL pointer dereferen... (How to Fix)

Q: What is the severity of CVE-2024-36476?

CVE-2024-36476 has a CVSS score of 5.5 (MEDIUM). This CVE-2024-36476 is a NULL pointer dereference vulnerability in the Linux kernel's RDMA/rtrs subsystem. It can cause kernel panics and system crashes when the 'ib_sge list' variable becomes inaccessible due to improper scoping. Systems using RDMA (Remote Direct Memory Access) with the rtrs driver are affected.

📋 TL;DR

This CVE-2024-36476 is a NULL pointer dereference vulnerability in the Linux kernel's RDMA/rtrs subsystem. It can cause kernel panics and system crashes when the 'ib_sge list' variable becomes inaccessible due to improper scoping. Systems using RDMA (Remote Direct Memory Access) with the rtrs driver are affected.

💻 Affected Systems

Products:

Linux kernel with RDMA/rtrs subsystem enabled

Versions: Specific kernel versions containing the vulnerable code (check git commits for exact ranges)

Operating Systems: Linux distributions with vulnerable kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when RDMA and rtrs subsystem are enabled and used. Not all Linux systems have this configuration.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.

🟠

Likely Case

System crash or kernel panic when RDMA operations trigger the vulnerable code path, resulting in temporary service unavailability.

🟢

If Mitigated

Minimal impact if systems have proper monitoring and redundancy, with crashes being recoverable through reboots.

🌐 Internet-Facing: LOW - Requires RDMA access and specific kernel configuration, not typically exposed to internet.

🏢 Internal Only: MEDIUM - Internal systems using RDMA for high-performance computing or storage could experience service disruption.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires triggering specific RDMA operations. The vulnerability was discovered through crash reports, not active exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits: 143378075904e78b3b2a810099bcc3b3d82d762f, 32e1e748a85bd52b20b3857d80fd166d22fa455a, 6ffb5c1885195ae5211a12b4acd2d51843ca41b0, 7eaa71f56a6f7ab87957213472dc6d4055862722, b238f61cc394d5fef27b26d7d9aa383ebfddabb0

Vendor Advisory: https://git.kernel.org/stable/c/143378075904e78b3b2a810099bcc3b3d82d762f

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your distribution vendor. 2. Rebuild kernel if using custom kernel. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable RDMA/rtrs module

linux

Prevent loading of the vulnerable RDMA rtrs module if not required

echo 'blacklist rtrs' >> /etc/modprobe.d/blacklist.conf
rmmod rtrs

🧯 If You Can't Patch

Disable RDMA functionality if not essential for operations
Implement system monitoring for kernel panics and have rapid recovery procedures

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if RDMA/rtrs is loaded: 'uname -r' and 'lsmod | grep rtrs'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and check for absence of NULL pointer dereference errors in dmesg

📡 Detection & Monitoring

Log Indicators:

Kernel NULL pointer dereference errors in dmesg
System crash logs mentioning rxe_mr_copy or rtrs

Network Indicators:

Unexpected RDMA connection failures

SIEM Query:

Search for 'kernel: BUG: kernel NULL pointer dereference' or 'rxe_mr_copy' in system logs

📊 Metadata

CVE ID: CVE-2024-36476

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.05% exploit probability (14.4th percentile)

Published: January 15, 2025

Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-36476, you might also want to check these: