CVE-2024-40990

2024-07-1213:15:20

Linux

web.nvd.nist.gov

linux

kernel

vulnerability

rdma/mlx5

maximum allowed value

AI Score

6.7

Confidence

Low

EPSS

Percentile

10.6%

JSON

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mlx5: Add check for srq max_sge attribute

max_sge attribute is passed by the user, and is inserted and used
unchecked, so verify that the value doesn’t exceed maximum allowed value
before using it.

Affected configurations

Vulners

Node

linuxlinux_kernelRange3.11–5.10.221

linuxlinux_kernelRange5.11.0–5.15.162

linuxlinux_kernelRange5.16.0–6.1.96

linuxlinux_kernelRange6.2.0–6.6.36

linuxlinux_kernelRange6.7.0–6.9.7

linuxlinux_kernelRange6.10.0≥

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/infiniband/hw/mlx5/srq.c"
    ],
    "versions": [
      {
        "version": "e126ba97dba9",
        "lessThan": "7186b81c1f15",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "e126ba97dba9",
        "lessThan": "1e692244bf7d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "e126ba97dba9",
        "lessThan": "999586418600",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "e126ba97dba9",
        "lessThan": "e0deb0e9c967",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "e126ba97dba9",
        "lessThan": "4ab99e361313",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "e126ba97dba9",
        "lessThan": "36ab7ada64ca",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/infiniband/hw/mlx5/srq.c"
    ],
    "versions": [
      {
        "version": "3.11",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "3.11",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.221",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.162",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.96",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.36",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.7",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]