CVE-2024-50209: RDMA/bnxt_re: Add a check for memory allocation
First published: Fri Nov 08 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add a check for memory allocation __alloc_pbl() can return error when memory allocation fails. Driver is not checking the status on one of the instances.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=5.7<5.10.229 | |
| Linux Kernel | >=5.15<5.15.170 | |
| Linux Kernel | >=5.16<6.1.115 | |
| Linux Kernel | >=6.2<6.6.59 | |
| Linux Kernel | >=6.7<6.11.6 | |
| Linux Kernel | =6.12-rc1 | |
| Linux Kernel | =6.12-rc2 | |
| Linux Kernel | =6.12-rc3 | |
| debian/linux | <=5.10.223-1 | 5.10.234-1 6.1.129-1 6.1.135-1 6.12.25-1 6.12.27-1 |
| debian/linux-6.1 | 6.1.129-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/dbe51dd516e6d4e655f31c8a1cbc050dde7ba97b
- https://git.kernel.org/stable/c/322a19baaaa25a1fe8ce9fceaed9409ad847844c
- https://git.kernel.org/stable/c/76dd679c3b148d23f72dcf6c3cde3d5f746b2c07
- https://git.kernel.org/stable/c/c71957271f2e8133a6aa82001c2fa671d5008129
- https://git.kernel.org/stable/c/ba9045887b435a4c5551245ae034b8791b4e4aaa
- https://git.kernel.org/stable/c/c5c1ae73b7741fa3b58e6e001b407825bb971225
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50209
- https://nvd.nist.gov/vuln/detail/CVE-2024-50209
- https://launchpad.net/bugs/cve/CVE-2024-50209
- https://security-tracker.debian.org/tracker/CVE-2024-50209
- https://ubuntu.com/security/CVE-2024-50209
- https://git.kernel.org/linus/c5c1ae73b7741fa3b58e6e001b407825bb971225
Frequently Asked Questions
What is the severity of CVE-2024-50209?
CVE-2024-50209 has been assessed with a moderate severity rating due to potential memory allocation failures in the Linux kernel.
How do I fix CVE-2024-50209?
To fix CVE-2024-50209, update the Linux kernel to a version that has addressed this vulnerability.
What versions of the Linux kernel are affected by CVE-2024-50209?
CVE-2024-50209 affects multiple versions of the Linux kernel, specifically those between 5.7 and 5.10.229, 5.15 and 5.15.170, 5.16 and 6.1.115, 6.2 and 6.6.59, 6.7 and 6.11.6, as well as the 6.12 release candidates.
What is the cause of CVE-2024-50209?
CVE-2024-50209 is caused by the RDMA/bnxt_re driver in the Linux kernel failing to check the status of memory allocation in the __alloc_pbl() function.
Does CVE-2024-50209 require immediate attention?
Given its moderate severity, CVE-2024-50209 should be addressed in a timely manner to ensure system stability and security.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/remedy
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- agent/references
- agent/source
- agent/description
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-cve
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.7
- version/linux kernel/5.15
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.12-rc1
- version/linux kernel/6.12-rc2
- version/linux kernel/6.12-rc3
- package-manager/debian