Unrated severityNVD Advisory· Published Jan 15, 2025· Updated Nov 3, 2025

RDMA/uverbs: Prevent integer overflow issue

CVE-2024-57890

Description

In the Linux kernel, the following vulnerability has been resolved:

In the expression "cmd.wqe_size * cmd.wr_count", both variables are u32 values that come from the user so the multiplication can lead to integer wrapping. Then we pass the result to uverbs_request_next_ptr() which also could potentially wrap. The "cmd.sge_count * sizeof(struct ib_uverbs_sge)" multiplication can also overflow on 32bit systems although it's fine on 64bit systems.

This patch does two things. First, I've re-arranged the condition in uverbs_request_next_ptr() so that the use controlled variable "len" is on one side of the comparison by itself without any math. Then I've modified all the callers to use size_mul() for the multiplications.

Affected products

Linux/RDMA/uverbsllm-create
Linux/Linux Kernel Rtllm-fuzzy
osv-coords71 versions
pkg:deb/ubuntu/linux-lowlatency@6.11.0-1011.12?arch=source&distro=oracular pkg:deb/ubuntu/linux-raspi@6.11.0-1010.10?arch=source&distro=oracular pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.6 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-coco_debug&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6 pkg:rpm/suse/kernel-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_5&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_5&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-livepatch-MICRO-6-0_Update_5&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-livepatch-MICRO-6-0_Update_5&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_8&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_8&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-source-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-syms-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_65&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
< 6.11.0-1011.12+ 70 more
- (no CPE)range: < 6.11.0-1011.12
- (no CPE)range: < 6.11.0-1010.10
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.8.26.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1.150600.12.16.2
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.10.26.1
- (no CPE)range: < 6.4.0-150600.10.26.1
- (no CPE)range: < 6.4.0-150600.8.26.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.10.26.1
- (no CPE)range: < 6.4.0-150600.8.26.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.10.26.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.8.26.1
- (no CPE)range: < 6.4.0-15061.12.coco15sp6.1
- (no CPE)range: < 6.4.0-15061.12.coco15sp6.1
- (no CPE)range: < 6.4.0-150600.23.38.1.150600.12.16.2
- (no CPE)range: < 6.4.0-24.1.21.4
- (no CPE)range: < 6.4.0-24.1.21.4
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 4.12.14-122.247.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 4.12.14-122.247.1
- (no CPE)range: < 4.12.14-122.247.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 1-1.1
- (no CPE)range: < 1-1.1
- (no CPE)range: < 1-1.2
- (no CPE)range: < 1-1.2
- (no CPE)range: < 1-150600.1.3.1
- (no CPE)range: < 1-150600.13.3.2
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.10.26.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 6.4.0-150600.10.26.1
- (no CPE)range: < 6.4.0-150600.8.26.1
- (no CPE)range: < 6.4.0-15061.12.coco15sp6.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 4.12.14-122.247.1
- (no CPE)range: < 4.12.14-122.247.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 6.4.0-150600.10.26.1
- (no CPE)range: < 6.4.0-150600.8.26.1
- (no CPE)range: < 6.4.0-15061.12.coco15sp6.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 4.12.14-122.247.1
- (no CPE)range: < 4.12.14-122.247.1
- (no CPE)range: < 6.4.0-150600.10.26.1
- (no CPE)range: < 6.4.0-150600.23.38.1
- (no CPE)range: < 1-8.3.1
Linux/Linuxcpe-rescue
Range: 2.6.15

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000