CVE-2024-38542

Published: Jun 19, 2024Modified: Apr 1, 2025

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Exploitability: 1.8 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana_ib: boundary check before installing cq callbacks Add a boundary check inside mana_ib_install_cq_cb to prevent index overflow.

Affected (2)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.8.2 to 6.8.12
Linux Linux Kernel	From 6.9 to 6.9.3

Related CWEs

CWE-129

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (6)

https://git.kernel.org/stable/c/168f6fbde0eabd71d1f4133df7d001a950b96977

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/f12afddfb142587d786df9e3cc4862190d3e2ec8

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/f79edef79b6a2161f4124112f9b0c46891bb0b74

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/168f6fbde0eabd71d1f4133df7d001a950b96977

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/f12afddfb142587d786df9e3cc4862190d3e2ec8

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/f79edef79b6a2161f4124112f9b0c46891bb0b74

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.