CVE-2024-50158

RDMA/bnxt_re: Fix out of bound check

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

RDMA/bnxt_re: Fix out of bound check

Driver exports pacing stats only on GenP5 and P7 adapters. But while
parsing the pacing stats, driver has a check for "rdev->dbr_pacing". This
caused a trace when KASAN is enabled.

BUG: KASAN: slab-out-of-bounds in bnxt_re_get_hw_stats+0x2b6a/0x2e00 [bnxt_re]
Write of size 8 at addr ffff8885942a6340 by task modprobe/4809

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/bnxt_re: Se ha corregido la comprobación fuera de los límites. El controlador exporta estadísticas de ritmo solo en adaptadores GenP5 y P7. Pero al analizar las estadísticas de ritmo, el controlador tiene una comprobación para "rdev->dbr_pacing". Esto provocó un seguimiento cuando KASAN está habilitado. ERROR: KASAN: slab-out-of-bounds en bnxt_re_get_hw_stats+0x2b6a/0x2e00 [bnxt_re] Escritura de tamaño 8 en la dirección ffff8885942a6340 por la tarea modprobe/4809

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-11-07 CVE Published
2024-11-07 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source
https://git.kernel.org/stable/c/8b6573ff3420a2da1deb469a480dbc454745f784	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/05c5fcc1869a08e36a29691699b6534e5a00a82b	2024-11-01
https://git.kernel.org/stable/c/c11b9b03ea5252898f91f3388c248f0dc47bda52	2024-11-01
https://git.kernel.org/stable/c/a9e6e7443922ac0a48243c35d03834c96926bff1	2024-10-11

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6 < 6.6.59 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.6.59"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6 < 6.11.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.11.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6 < 6.12-rc4 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.12-rc4"		en		Affected