fkie_cve-2024-42145
Vulnerability from fkie_nvd
Published
2024-07-30 08:15
Modified
2024-12-11 15:23
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extract packets from this list, the rate of extraction may not match the rate of incoming packets, leading to potential list overflow. To address this, we introduce a limit to the size of the list. After considering typical scenarios, such as OpenSM processing, which can handle approximately 100k packets per second, and the 1-second retry timeout for most packets, we set the list size limit to 200k. Packets received beyond this limit are dropped, assuming they are likely timed out by the time they are handled by user-space. Notably, packets queued on the receive list due to reasons like timed-out sends are preserved even when the list is full.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcbPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/62349fbf86b5e13b02721bdadf98c29afd1e7b5fPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/63d202d948bb6d3a28cd8e8b96b160fa53e18baaPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a6627fba793cc75b7365d9504a0095fb2902dda4Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b4913702419d064ec4c4bbf7270643c95cc89a1bPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b8c5f635997f49c625178d1a0cb32a80ed33abe6Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ca0b44e20a6f3032224599f02e7c8fb49525c894Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d73cb8862e4d6760ccc94d3b57b9ef6271400607Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcbPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/62349fbf86b5e13b02721bdadf98c29afd1e7b5fPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/63d202d948bb6d3a28cd8e8b96b160fa53e18baaPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/a6627fba793cc75b7365d9504a0095fb2902dda4Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b4913702419d064ec4c4bbf7270643c95cc89a1bPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b8c5f635997f49c625178d1a0cb32a80ed33abe6Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/ca0b44e20a6f3032224599f02e7c8fb49525c894Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/d73cb8862e4d6760ccc94d3b57b9ef6271400607Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43E390F8-BDB4-4990-B94D-095DD8369C31",
              "versionEndExcluding": "4.19.318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "625DBFAB-C3D0-4309-A27F-12D6428FB38F",
              "versionEndExcluding": "5.4.280",
              "versionStartIncluding": "4.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00696AC5-EE29-437F-97F9-C4D66608B327",
              "versionEndExcluding": "5.10.222",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A97DEB09-4927-40F8-B5C6-F5BD5EAE0CFD",
              "versionEndExcluding": "5.15.163",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E09E92A5-27EF-40E4-926A-B1CDC8270551",
              "versionEndExcluding": "6.1.98",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29E894E4-668F-4DB0-81F7-4FB5F698E970",
              "versionEndExcluding": "6.6.39",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085",
              "versionEndExcluding": "6.9.9",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/core: Implement a limit on UMAD receive List\n\nThe existing behavior of ib_umad, which maintains received MAD\npackets in an unbounded list, poses a risk of uncontrolled growth.\nAs user-space applications extract packets from this list, the rate\nof extraction may not match the rate of incoming packets, leading\nto potential list overflow.\n\nTo address this, we introduce a limit to the size of the list. After\nconsidering typical scenarios, such as OpenSM processing, which can\nhandle approximately 100k packets per second, and the 1-second retry\ntimeout for most packets, we set the list size limit to 200k. Packets\nreceived beyond this limit are dropped, assuming they are likely timed\nout by the time they are handled by user-space.\n\nNotably, packets queued on the receive list due to reasons like\ntimed-out sends are preserved even when the list is full."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: IB/core: implementar un l\u00edmite en la lista de recepci\u00f3n de UMAD El comportamiento existente de ib_umad, que mantiene los paquetes MAD recibidos en una lista ilimitada, plantea un riesgo de crecimiento incontrolado. A medida que las aplicaciones del espacio de usuario extraen paquetes de esta lista, es posible que la tasa de extracci\u00f3n no coincida con la tasa de paquetes entrantes, lo que puede provocar un posible desbordamiento de la lista. Para solucionar esto, introducimos un l\u00edmite al tama\u00f1o de la lista. Despu\u00e9s de considerar escenarios t\u00edpicos, como el procesamiento OpenSM, que puede manejar aproximadamente 100 000 paquetes por segundo, y el tiempo de espera de reintento de 1 segundo para la mayor\u00eda de los paquetes, establecemos el l\u00edmite de tama\u00f1o de la lista en 200 000. Los paquetes recibidos m\u00e1s all\u00e1 de este l\u00edmite se descartan, suponiendo que probablemente se agote el tiempo de espera cuando sean manejados por el espacio de usuario. En particular, los paquetes en cola en la lista de recepci\u00f3n debido a motivos como el tiempo de espera de env\u00edo se conservan incluso cuando la lista est\u00e1 llena."
    }
  ],
  "id": "CVE-2024-42145",
  "lastModified": "2024-12-11T15:23:13.553",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-07-30T08:15:06.227",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcb"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/62349fbf86b5e13b02721bdadf98c29afd1e7b5f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/63d202d948bb6d3a28cd8e8b96b160fa53e18baa"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a6627fba793cc75b7365d9504a0095fb2902dda4"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b4913702419d064ec4c4bbf7270643c95cc89a1b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b8c5f635997f49c625178d1a0cb32a80ed33abe6"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ca0b44e20a6f3032224599f02e7c8fb49525c894"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/d73cb8862e4d6760ccc94d3b57b9ef6271400607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/62349fbf86b5e13b02721bdadf98c29afd1e7b5f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/63d202d948bb6d3a28cd8e8b96b160fa53e18baa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a6627fba793cc75b7365d9504a0095fb2902dda4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b4913702419d064ec4c4bbf7270643c95cc89a1b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b8c5f635997f49c625178d1a0cb32a80ed33abe6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ca0b44e20a6f3032224599f02e7c8fb49525c894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/d73cb8862e4d6760ccc94d3b57b9ef6271400607"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.