CVE-2024-42145

EPSS 0.01%
Published 30.07.2024 08:15:06
Last modified 03.11.2025 22:17:42
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

IB/core: Implement a limit on UMAD receive List

The existing behavior of ib_umad, which maintains received MAD
packets in an unbounded list, poses a risk of uncontrolled growth.
As user-space applications extract packets from this list, the rate
of extraction may not match the rate of incoming packets, leading
to potential list overflow.

To address this, we introduce a limit to the size of the list. After
considering typical scenarios, such as OpenSM processing, which can
handle approximately 100k packets per second, and the 1-second retry
timeout for most packets, we set the list size limit to 200k. Packets
received beyond this limit are dropped, assuming they are likely timed
out by the time they are handled by user-space.

Notably, packets queued on the receive list due to reasons like
timed-out sends are preserved even when the list is full.

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 4.19.318

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.280

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.222

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.163

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.98

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.39

Linux ≫ Linux Kernel Version >= 6.7 < 6.9.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.007

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcb

Patch

https://git.kernel.org/stable/c/62349fbf86b5e13b02721bdadf98c29afd1e7b5f

Patch

https://git.kernel.org/stable/c/63d202d948bb6d3a28cd8e8b96b160fa53e18baa

Patch

https://git.kernel.org/stable/c/a6627fba793cc75b7365d9504a0095fb2902dda4

Patch

https://git.kernel.org/stable/c/b4913702419d064ec4c4bbf7270643c95cc89a1b

Patch

https://git.kernel.org/stable/c/b8c5f635997f49c625178d1a0cb32a80ed33abe6

Patch