AZL-55822

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-55822.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-55822

Upstream

CVE-2024-57890

Published

2025-01-15T13:15:13Z

Modified

2026-04-01T05:18:45.339559Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-57890 affecting package kernel for versions less than 6.6.76.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/uverbs: Prevent integer overflow issue

In the expression "cmd.wqesize * cmd.wrcount", both variables are u32 values that come from the user so the multiplication can lead to integer wrapping. Then we pass the result to uverbsrequestnextptr() which also could potentially wrap. The "cmd.sgecount * sizeof(struct ibuverbssge)" multiplication can also overflow on 32bit systems although it's fine on 64bit systems.

This patch does two things. First, I've re-arranged the condition in uverbsrequestnextptr() so that the use controlled variable "len" is on one side of the comparison by itself without any math. Then I've modified all the callers to use sizemul() for the multiplications.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-57890

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.76.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-55822.json"