fkie_cve-2024-42145
Vulnerability from fkie_nvd
Published
2024-07-30 08:15
Modified
2024-12-11 15:23
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extract packets from this list, the rate of extraction may not match the rate of incoming packets, leading to potential list overflow. To address this, we introduce a limit to the size of the list. After considering typical scenarios, such as OpenSM processing, which can handle approximately 100k packets per second, and the 1-second retry timeout for most packets, we set the list size limit to 200k. Packets received beyond this limit are dropped, assuming they are likely timed out by the time they are handled by user-space. Notably, packets queued on the receive list due to reasons like timed-out sends are preserved even when the list is full.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcbPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/62349fbf86b5e13b02721bdadf98c29afd1e7b5fPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/63d202d948bb6d3a28cd8e8b96b160fa53e18baaPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a6627fba793cc75b7365d9504a0095fb2902dda4Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b4913702419d064ec4c4bbf7270643c95cc89a1bPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b8c5f635997f49c625178d1a0cb32a80ed33abe6Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ca0b44e20a6f3032224599f02e7c8fb49525c894Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d73cb8862e4d6760ccc94d3b57b9ef6271400607Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcbPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/62349fbf86b5e13b02721bdadf98c29afd1e7b5fPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/63d202d948bb6d3a28cd8e8b96b160fa53e18baaPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/a6627fba793cc75b7365d9504a0095fb2902dda4Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b4913702419d064ec4c4bbf7270643c95cc89a1bPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b8c5f635997f49c625178d1a0cb32a80ed33abe6Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/ca0b44e20a6f3032224599f02e7c8fb49525c894Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/d73cb8862e4d6760ccc94d3b57b9ef6271400607Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "43E390F8-BDB4-4990-B94D-095DD8369C31",
                     versionEndExcluding: "4.19.318",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "625DBFAB-C3D0-4309-A27F-12D6428FB38F",
                     versionEndExcluding: "5.4.280",
                     versionStartIncluding: "4.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "00696AC5-EE29-437F-97F9-C4D66608B327",
                     versionEndExcluding: "5.10.222",
                     versionStartIncluding: "5.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A97DEB09-4927-40F8-B5C6-F5BD5EAE0CFD",
                     versionEndExcluding: "5.15.163",
                     versionStartIncluding: "5.11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E09E92A5-27EF-40E4-926A-B1CDC8270551",
                     versionEndExcluding: "6.1.98",
                     versionStartIncluding: "5.16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "29E894E4-668F-4DB0-81F7-4FB5F698E970",
                     versionEndExcluding: "6.6.39",
                     versionStartIncluding: "6.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085",
                     versionEndExcluding: "6.9.9",
                     versionStartIncluding: "6.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/core: Implement a limit on UMAD receive List\n\nThe existing behavior of ib_umad, which maintains received MAD\npackets in an unbounded list, poses a risk of uncontrolled growth.\nAs user-space applications extract packets from this list, the rate\nof extraction may not match the rate of incoming packets, leading\nto potential list overflow.\n\nTo address this, we introduce a limit to the size of the list. After\nconsidering typical scenarios, such as OpenSM processing, which can\nhandle approximately 100k packets per second, and the 1-second retry\ntimeout for most packets, we set the list size limit to 200k. Packets\nreceived beyond this limit are dropped, assuming they are likely timed\nout by the time they are handled by user-space.\n\nNotably, packets queued on the receive list due to reasons like\ntimed-out sends are preserved even when the list is full.",
      },
      {
         lang: "es",
         value: "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: IB/core: implementar un límite en la lista de recepción de UMAD El comportamiento existente de ib_umad, que mantiene los paquetes MAD recibidos en una lista ilimitada, plantea un riesgo de crecimiento incontrolado. A medida que las aplicaciones del espacio de usuario extraen paquetes de esta lista, es posible que la tasa de extracción no coincida con la tasa de paquetes entrantes, lo que puede provocar un posible desbordamiento de la lista. Para solucionar esto, introducimos un límite al tamaño de la lista. Después de considerar escenarios típicos, como el procesamiento OpenSM, que puede manejar aproximadamente 100 000 paquetes por segundo, y el tiempo de espera de reintento de 1 segundo para la mayoría de los paquetes, establecemos el límite de tamaño de la lista en 200 000. Los paquetes recibidos más allá de este límite se descartan, suponiendo que probablemente se agote el tiempo de espera cuando sean manejados por el espacio de usuario. En particular, los paquetes en cola en la lista de recepción debido a motivos como el tiempo de espera de envío se conservan incluso cuando la lista está llena.",
      },
   ],
   id: "CVE-2024-42145",
   lastModified: "2024-12-11T15:23:13.553",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-07-30T08:15:06.227",
   references: [
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcb",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/62349fbf86b5e13b02721bdadf98c29afd1e7b5f",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/63d202d948bb6d3a28cd8e8b96b160fa53e18baa",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/a6627fba793cc75b7365d9504a0095fb2902dda4",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/b4913702419d064ec4c4bbf7270643c95cc89a1b",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/b8c5f635997f49c625178d1a0cb32a80ed33abe6",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/ca0b44e20a6f3032224599f02e7c8fb49525c894",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/d73cb8862e4d6760ccc94d3b57b9ef6271400607",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcb",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/62349fbf86b5e13b02721bdadf98c29afd1e7b5f",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/63d202d948bb6d3a28cd8e8b96b160fa53e18baa",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/a6627fba793cc75b7365d9504a0095fb2902dda4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/b4913702419d064ec4c4bbf7270643c95cc89a1b",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/b8c5f635997f49c625178d1a0cb32a80ed33abe6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/ca0b44e20a6f3032224599f02e7c8fb49525c894",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/d73cb8862e4d6760ccc94d3b57b9ef6271400607",
      },
   ],
   sourceIdentifier: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-770",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.