| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022632-CVE-2024-57973-8797@gregkh> Date: Wed, 26 Feb 2025 18:05:32 -0800 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-57973: rdma/cxgb4: Prevent potential integer overflow on 32bit Description =========== In the Linux kernel, the following vulnerability has been resolved: rdma/cxgb4: Prevent potential integer overflow on 32bit The "gl->tot_len" variable is controlled by the user. It comes from process_responses(). On 32bit systems, the "gl->tot_len + sizeof(struct cpl_pass_accept_req) + sizeof(struct rss_header)" addition could have an integer wrapping bug. Use size_add() to prevent this. The Linux kernel CVE team has assigned CVE-2024-57973 to this issue. Affected and fixed versions =========================== Issue introduced in 3.8 with commit 1cab775c3e75f1250c965feafd061d696df36e53 and fixed in 6.1.129 with commit 4422f452d028850b9cc4fd8f1cf45a8ff91855eb Issue introduced in 3.8 with commit 1cab775c3e75f1250c965feafd061d696df36e53 and fixed in 6.6.76 with commit de8d88b68d0cfd41152a7a63d6aec0ed3e1b837a Issue introduced in 3.8 with commit 1cab775c3e75f1250c965feafd061d696df36e53 and fixed in 6.12.13 with commit dd352107f22bfbecbbf3b74bde14f3f932296309 Issue introduced in 3.8 with commit 1cab775c3e75f1250c965feafd061d696df36e53 and fixed in 6.13.2 with commit aeb814484387811b3579d5c78ad4eb301e3bf1c8 Issue introduced in 3.8 with commit 1cab775c3e75f1250c965feafd061d696df36e53 and fixed in 6.14-rc1 with commit bd96a3935e89486304461a21752f824fc25e0f0b Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-57973 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/infiniband/hw/cxgb4/device.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/4422f452d028850b9cc4fd8f1cf45a8ff91855eb https://git.kernel.org/stable/c/de8d88b68d0cfd41152a7a63d6aec0ed3e1b837a https://git.kernel.org/stable/c/dd352107f22bfbecbbf3b74bde14f3f932296309 https://git.kernel.org/stable/c/aeb814484387811b3579d5c78ad4eb301e3bf1c8 https://git.kernel.org/stable/c/bd96a3935e89486304461a21752f824fc25e0f0b
Powered by blists - more mailing lists