In the Linux kernel, the following vulnerability has been resolved:
EDAC/bluefield: Fix potential integer overflow
The 64-bit argument for the "get DIMM info" SMC call consists of memctrlidx left-shifted by 16 bits and OR-ed with the DIMM index. With memctrlidx defined as 32 bits wide, the left shift is evaluated at 32-bit width, before the result is widened to 64 bits, so it truncates the upper 16 bits of information during the calculation of the SMC argument.
The memctrlidx stack variable must be defined as 64 bits wide to prevent any potential integer overflow, i.e. the loss of data from the upper 16 bits.
[ { "signature_type": "Line", "id": "CVE-2024-53161-01cc8b78", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1fe774a93b46bb029b8f6fa9d1f25affa53f06c6", "signature_version": "v1", "target": { "file": "drivers/edac/bluefield_edac.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "144332780405198807407031564196543626094", "193744805205554513971975831374933113765", "79176619365506357900490429404231969020", "13307643988933145462850130721189577877" ] }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2024-53161-2a66e1b5", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@578ca89b04680145d41011e7cec8806fefbb59e7", "signature_version": "v1", "target": { "file": "drivers/edac/bluefield_edac.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "144332780405198807407031564196543626094", "193744805205554513971975831374933113765", "79176619365506357900490429404231969020", "13307643988933145462850130721189577877" ] }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2024-53161-328a5742", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ac6ebb9edcdb7077e841862c402697c4c48a7c0a", "signature_version": "v1", "target": { "file": "drivers/edac/bluefield_edac.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "144332780405198807407031564196543626094", "193744805205554513971975831374933113765", "79176619365506357900490429404231969020", "13307643988933145462850130721189577877" ] }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2024-53161-51ef2ed1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e0269ea7a628fdeddd65b92fe29c09655dbb80b9", "signature_version": "v1", "target": { "file": "drivers/edac/bluefield_edac.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "144332780405198807407031564196543626094", "193744805205554513971975831374933113765", "79176619365506357900490429404231969020", "13307643988933145462850130721189577877" ] 
}, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2024-53161-605de022", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8cc31cfa36ff37aff399b72faa2ded58110112ae", "signature_version": "v1", "target": { "file": "drivers/edac/bluefield_edac.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "144332780405198807407031564196543626094", "193744805205554513971975831374933113765", "79176619365506357900490429404231969020", "13307643988933145462850130721189577877" ] }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2024-53161-6d4d5c2a", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fdb90006184aa84c7b4e09144ed0936d4e1891a7", "signature_version": "v1", "target": { "file": "drivers/edac/bluefield_edac.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "144332780405198807407031564196543626094", "193744805205554513971975831374933113765", "79176619365506357900490429404231969020", "13307643988933145462850130721189577877" ] }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2024-53161-92ed6d15", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4ad7033de109d0fec99086f352f58a3412e378b8", "signature_version": "v1", "target": { "file": "drivers/edac/bluefield_edac.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "144332780405198807407031564196543626094", "193744805205554513971975831374933113765", "79176619365506357900490429404231969020", "13307643988933145462850130721189577877" ] }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2024-53161-9d11508d", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@000930193fe5eb79ce5563ee2e9ddb0c6e4e1bb5", "signature_version": "v1", "target": { "file": "drivers/edac/bluefield_edac.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "144332780405198807407031564196543626094", "193744805205554513971975831374933113765", "79176619365506357900490429404231969020", 
"13307643988933145462850130721189577877" ] }, "deprecated": false } ]