Impact
The RDMA subsystem in the Linux kernel fails to verify that the requested access rights during a memory region re‑registration match the existing permissions. When the IB_MR_REREG_ACCESS flag is changed from read‑only to read‑write, the kernel does not re‑evaluate the underlying user memory mapping, which may result in a client being granted write access to a region that should remain read‑only. This omission creates an improper access control flaw (CWE-1220) that could compromise the confidentiality and integrity of data stored in the region.
Affected Systems
All Linux kernel releases that contain the RDMA stack prior to the inclusion of patch commit 09dc188 are affected. The issue primarily involves RDMA drivers such as mlx4, but any driver that registers memory regions without performing the added ib_umem_check_rereg() check could be susceptible. Systems running an unpatched kernel with active RDMA drivers should be considered vulnerable until the patch is applied.
Risk and Exploitability
The CVSS score of 7.8 indicates high severity. The EPSS score of less than 1% suggests a very low likelihood of exploitation based on current data, and the the CISA The vector is a local or privileged RDMA client that can issue a re‑registration request changing the access flag from RO to RW. Because the flaw involves a missing kernel check rather than a userland exploit, no public exploits have been reported, and exploitation would require access to the RDMA device and the ability to manipulate registration requests.
OpenCVE Enrichment
Debian DSA