CVE-2024-47695

7.8 HIGH

📋 TL;DR

This CVE describes an out-of-bounds memory access vulnerability in the Linux kernel's RDMA/rtrs-clt subsystem. The flaw occurs during connection cleanup when a failure happens, allowing potential memory corruption. Systems running affected Linux kernel versions with RDMA functionality are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE description; check kernel commit history for exact ranges.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if RDMA (Remote Direct Memory Access) functionality is enabled and in use. Many systems don't use RDMA by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic, system crash, or potential privilege escalation leading to full system compromise.

🟠 Likely Case: System instability, crashes, or denial of service affecting RDMA functionality.

🟢 If Mitigated: Limited impact if RDMA is disabled or not in use, with potential for system instability if triggered.

🌐 Internet-Facing: LOW - Requires local access or network access to RDMA services.
🏢 Internal Only: MEDIUM - Internal systems using RDMA could be affected by malicious local users or network attacks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering the specific failure condition in the init_conns() function and may require local access or network access to RDMA services.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commit 01b9be936ee8839ab9f83a7e84ee02ac6c8303c4 or later

Vendor Advisory: https://git.kernel.org/stable/c/01b9be936ee8839ab9f83a7e84ee02ac6c8303c4

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable RDMA functionality

Disable RDMA modules to prevent exploitation (Linux). The RTRS client module is named rtrs_client.

modprobe -r rtrs_client
echo 'blacklist rtrs_client' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Disable RDMA functionality if not required
  • Restrict access to RDMA services using firewall rules

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if RDMA modules are loaded: lsmod | grep rtrs

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and RDMA modules function correctly after update
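
The module and workaround checks above can be combined into one exposure check. This is an added example, not part of the advisory or the kernel project. It assumes the module is listed as rtrs_client in /proc/modules and that modprobe rules live in the usual modprobe.d directories. It also separates a `blacklist` rule, which only stops alias-based autoloading, from an `install ... /bin/false` rule, which blocks explicit and dependency loads as well.

```shell
#!/bin/sh
# Added example: exposure check for the rtrs client module (not from the advisory).
# Assumption: the module is listed as "rtrs_client" in /proc/modules.

# rtrs_state FILE: FILE is in /proc/modules format (name size refs users state addr).
rtrs_state() {
    awk '$1 == "rtrs_client" { sub(/,$/, "", $4); print "loaded users=" $4; hit = 1 }
         END { if (!hit) print "not-loaded" }' "$1"
}

# block_state DIR...: scan modprobe.d-style directories for rules on the module.
# "blacklist" only stops alias-based autoloading; an explicit modprobe or a
# dependent module can still pull the module in. "install ... /bin/false" blocks both.
block_state() {
    for d in "$@"; do
        cat "$d"/*.conf 2>/dev/null || true   # missing dir or no .conf files is fine
    done | awk '
        /^[[:space:]]*#/ { next }             # skip comment lines
        $1 == "install"   && $2 ~ /^rtrs[-_]client$/ && $3 ~ /\/(false|true)$/ { hard = 1 }
        $1 == "blacklist" && $2 ~ /^rtrs[-_]client$/ { soft = 1 }
        END { print (hard ? "hard-blocked" : (soft ? "blacklist-only" : "unblocked")) }'
}

# assess MODULES_FILE DIR...: one-line verdict combining both checks.
assess() {
    mods=$1; shift
    loaded=$(rtrs_state "$mods")
    block=$(block_state "$@")
    case "$loaded/$block" in
        not-loaded/hard-blocked) echo "OK: rtrs_client absent and loading is blocked" ;;
        not-loaded/*) echo "WARN: rtrs_client absent but still loadable ($block)" ;;
        *) echo "EXPOSED: rtrs_client $loaded; patch, or unload its users then the module" ;;
    esac
}

# Run against the live host when the kernel module list is readable.
if [ -r /proc/modules ]; then
    assess /proc/modules /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d
fi
```

An EXPOSED verdict only means the module is loaded on this kernel; whether the kernel already carries the fix still has to be confirmed against the distribution's changelog.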

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • RDMA connection failure messages
  • Out-of-bounds memory access errors

Network Indicators:

  • Unexpected RDMA connection failures
  • Abnormal RDMA traffic patterns

SIEM Query:

kernel:panic OR kernel:oops OR rdma:error
