SB20240731137 - Buffer overflow in Linux kernel infiniband core driver
Published: July 31, 2024 Updated: May 12, 2025
Security Bulletin ID
SB20240731137
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2024-42145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcb
- https://git.kernel.org/stable/c/b4913702419d064ec4c4bbf7270643c95cc89a1b
- https://git.kernel.org/stable/c/62349fbf86b5e13b02721bdadf98c29afd1e7b5f
- https://git.kernel.org/stable/c/d73cb8862e4d6760ccc94d3b57b9ef6271400607
- https://git.kernel.org/stable/c/63d202d948bb6d3a28cd8e8b96b160fa53e18baa
- https://git.kernel.org/stable/c/b8c5f635997f49c625178d1a0cb32a80ed33abe6
- https://git.kernel.org/stable/c/a6627fba793cc75b7365d9504a0095fb2902dda4
- https://git.kernel.org/stable/c/ca0b44e20a6f3032224599f02e7c8fb49525c894
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.318
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.222
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.163
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.280
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.98
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.39