CVE-2024-53094: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-53094 affects the Linux kernel's RDMA/siw component, specifically related to the MSG_SPLICE_PAGES functionality. The vulnerability was discovered when running ISER over SIW, where the initiator machine encounters a warning from skb_splice_from_iter() indicating improper use of slab pages in send_page operations. This issue was publicly disclosed on November 21, 2024, and affects Linux kernel versions up to 6.6.62 and from 6.7 to 6.11.9 (NVD).

The vulnerability occurs within the Linux kernel's RDMA/siw driver when handling page sending operations. The issue manifests when a slab page is being used in send_page operations without proper validation. The CVSS v3.1 base score is 5.5 (Medium), with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access requirements and potential high impact on availability (NVD).

The vulnerability can lead to system warnings and potential issues in the network stack when using ISER over SIW. The primary impact is on availability, as indicated by the CVSS scoring, with no direct impact on confidentiality or integrity (NVD).

A fix has been implemented by adding a sendpage_ok() check within the driver itself. When this check returns 0, the MSG_SPLICE_PAGES flag is disabled before entering the network stack. The patch has been merged into the Linux kernel (Kernel Patch).