CVE-2024-36476: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-36476 affects the Linux kernel's RDMA/rtrs subsystem. The vulnerability was discovered in January 2025 and involves an accessibility issue with the 'ib_sge list' variable in the RDMA/rtrs server functionality. The issue affects various Linux distributions including Ubuntu 24.04 LTS, 22.04 LTS, and multiple kernel versions (Ubuntu Security).

The vulnerability stems from a variable scope issue where the 'ibsge list' variable was incorrectly declared within an 'alwaysinvalidate' block, limiting its accessibility throughout the function. This implementation error could lead to a kernel NULL pointer dereference, as evidenced by the stack trace in the kernel logs. The issue was traced back to the original RDMA/rtrs server functionality implementation (Kernel Commit).

When triggered, the vulnerability results in a kernel NULL pointer dereference, which can cause system crashes and potential denial of service conditions. The issue specifically affects systems utilizing the RDMA/rtrs subsystem in the Linux kernel (Ubuntu Security).

The issue has been fixed by moving the declaration of the 'ibsge list' variable outside the 'alwaysinvalidate' block, ensuring it remains accessible throughout the function. This fix has been implemented in various kernel versions and is being distributed through distribution-specific updates (Ubuntu Security).