CVE-2024-57890: RDMA/uverbs: Prevent integer overflow issue
First published: Wed Jan 15 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Prevent integer overflow issue In the expression "cmd.wqe_size * cmd.wr_count", both variables are u32 values that come from the user so the multiplication can lead to integer wrapping. Then we pass the result to uverbs_request_next_ptr() which also could potentially wrap. The "cmd.sge_count * sizeof(struct ib_uverbs_sge)" multiplication can also overflow on 32bit systems although it's fine on 64bit systems. This patch does two things. First, I've re-arranged the condition in uverbs_request_next_ptr() so that the use controlled variable "len" is on one side of the comparison by itself without any math. Then I've modified all the callers to use size_mul() for the multiplications.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Kernel-devel | ||
| Linux Kernel | >=2.6.15<5.4.289 | |
| Linux Kernel | >=5.5<5.10.233 | |
| Linux Kernel | >=5.11<5.15.176 | |
| Linux Kernel | >=5.16<6.1.124 | |
| Linux Kernel | >=6.2<6.6.70 | |
| Linux Kernel | >=6.7<6.12.9 | |
| Linux Kernel | =6.13-rc1 | |
| Linux Kernel | =6.13-rc2 | |
| Linux Kernel | =6.13-rc3 | |
| Linux Kernel | =6.13-rc4 | |
| Linux Kernel | =6.13-rc5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/c57721b24bd897338a81a0ca5fff41600f0f1ad1
- https://git.kernel.org/stable/c/42a6eb4ed7a9a41ba0b83eb0c7e0225b5fca5608
- https://git.kernel.org/stable/c/c2f961c46ea0e5274c5c320d007c2dd949cf627a
- https://git.kernel.org/stable/c/346db03e9926ab7117ed9bf19665699c037c773c
- https://git.kernel.org/stable/c/b92667f755749cf10d9ef1088865c555ae83ffb7
- https://git.kernel.org/stable/c/b3ef4ae713360501182695dd47d6b4f6e1a43eb8
- https://git.kernel.org/stable/c/d0257e089d1bbd35c69b6c97ff73e3690ab149a9
Frequently Asked Questions
What is the severity of CVE-2024-57890?
CVE-2024-57890 has a medium severity rating due to potential integer overflow vulnerabilities in the Linux kernel.
What versions of the Linux kernel are affected by CVE-2024-57890?
CVE-2024-57890 affects multiple versions of the Linux kernel, ranging from 2.6.15 to 6.12.9, including various release candidates.
How do I fix CVE-2024-57890?
To fix CVE-2024-57890, update your Linux kernel to a patched version that resolves the integer overflow vulnerability.
What is the impact of CVE-2024-57890?
The impact of CVE-2024-57890 includes potential denial of service attacks or escalation of privileges due to the integer overflow.
Is there a patch available for CVE-2024-57890?
Yes, patches for CVE-2024-57890 are available in the latest stable versions of the Linux kernel.
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/source
- agent/severity
- agent/remedy
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/guess-ai
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.15
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.13-rc1
- version/linux kernel/6.13-rc2
- version/linux kernel/6.13-rc3
- version/linux kernel/6.13-rc4
- version/linux kernel/6.13-rc5
- canonical/red hat kernel-devel