CVE-2024-47749: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-47749 is a vulnerability discovered in the Linux kernel's RDMA/cxgb4 driver, specifically affecting the lookup_atid() function. The vulnerability was identified by the Linux Verification Center (linuxtesting.org) using SVACE analysis tool. The issue affects Linux kernel versions from 2.6.35 up to versions before 5.10.227, 5.11 to before 5.15.168, 5.16 to before 6.1.113, 6.2 to before 6.6.54, and other ranges (NVD).

The vulnerability stems from a NULL pointer dereference issue in the RDMA/cxgb4 driver. The lookup_atid() function can return NULL if the ATID (Asynchronous Transfer Identifier) is invalid or does not exist in the identifier table. This NULL return value was not properly checked in the act_establish() and act_open_rpl() functions, potentially leading to a null pointer dereference. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could lead to a denial of service condition through system crash when the null pointer is dereferenced. The CVSS scoring indicates that while the vulnerability requires local access and low privileges, it can have a high impact on system availability (NVD).

The vulnerability has been fixed by adding NULL pointer checks in the affected functions. The fix has been implemented in various kernel versions through patches. Users should update their Linux kernel to the patched versions: 5.10.227 or later, 5.15.168 or later, 6.1.113 or later, or 6.6.54 or later, depending on their kernel series (NVD).