CVE-2024-56722: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-56722 affects the Linux kernel's RDMA/hns (Remote Direct Memory Access/HiSilicon Network Subsystem) driver. The vulnerability was discovered when during reset operations, commands to destroy resources such as QP (Queue Pairs), CQ (Completion Queues), and MR (Memory Regions) may fail, causing excessive error log printing that can lead to CPU stalls. The issue affects Linux kernel versions from 4.9 up to (excluding) 6.1.120, 6.2 up to (excluding) 6.6.64, 6.7 up to (excluding) 6.11.11, and 6.12 up to (excluding) 6.12.2 (NVD).

The vulnerability stems from uncontrolled error logging in the RDMA/hns driver during resource cleanup operations. When resources like QP, CQ, and MR fail to be destroyed during reset operations, the driver generates excessive error logs without rate limiting. This unrestricted logging can overwhelm the system and cause CPU stalls. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access required with potential for high availability impact (NVD).

The primary impact of this vulnerability is a potential denial of service through CPU stalls. When a large number of resources need to be destroyed during reset operations, the excessive logging can consume significant CPU resources, potentially making the system unresponsive. This affects system availability but does not compromise confidentiality or integrity (NVD).

The vulnerability has been patched by replacing standard printing functions with rate-limited versions and removing unnecessary logging. The fix involves using deverrratelimited() and ibdeverrratelimited() instead of their non-rate-limited counterparts. Fixed versions are available in Linux kernel 6.1.120 and later, 6.6.64 and later, 6.11.11 and later, and 6.12.2 and later (Kernel Patch).