CVE-2024-40990

max_sge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/40xxx/CVE-2024-40990.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

e126ba97dba9edeb6fafa3665b5f8497fc9cdf8c

Fixed

7186b81c1f15e39069b1af172c6a951728ed3511

Fixed

1e692244bf7dd827dd72edc6c4a3b36ae572f03c

Fixed

999586418600b4b3b93c2a0edd3a4ca71ee759bf

Fixed

e0deb0e9c967b61420235f7f17a4450b4b4d6ce2

Fixed

4ab99e3613139f026d2d8ba954819e2876120ab3

Fixed

36ab7ada64caf08f10ee5a114d39964d1f91e81d

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.11.0

Fixed

5.10.221

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.162

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.96

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.36

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.9.7