Impact
The Linux kernel’s ib_get_ucaps() function validates the file operations passed to it only by checking the device type identifier. This approach allows a user with the ability to create a block device to craft a device that shares the same dev_t as the expected character device. When the kernel then treats this block device as an RDMA user capabilities device, it may invoke kernel operations on an unintended device, leading to unauthorized use of RDMA interfaces. The impact is that an attacker could gain unapproved access to RDMA capabilities, potentially affecting confidentiality and integrity of data transmitted through RDMA channels.
Affected Systems
The flaw exists in all Linux kernels that include the RDMA core subsystem and that have not yet been updated to the patch that adds proper fops validation. No specific kernel version range is listed in the advisory, so any kernel derived from the affected branch and still using the unpatched ib_get_ucaps() can be impacted.
Risk and Exploitability
The CVSS score of 8.8 indicates high severity, while the EPSS score of <1% suggests a low probability of exploitation at this time. Because the fault requires a local user to craft a block device that impersonates the RDMA character device, the attack vector is local. The vulnerability is not currently listed in the CISA KEV catalog, so no large‑scale exploitation has been observed yet. Nevertheless, the combination of high impact and the possibility of local exploitation warrants prompt attention, especially on systems where RDMA is enabled and the kernel version is known or unknown to be fixed.
OpenCVE Enrichment