CVE-2024-44970 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer15 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 96.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 4
Latest updateJan 9
Description
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink
When all the strides in a WQE have been consumed, the WQE is unlinked
from the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible
to receive CQEs with 0 consumed strides for the same WQE even after the
WQE is fully consumed and unlinked. This triggers an additional unlink
for the same wqe which corrupts the linked list.
Fix this scenario by accepting 0 sized cons…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages6 packages
▶CVEListV5linux/linuxf97d5c2a453e26071e3b0ec12161de57c4a237c4 — 7b379353e9144e1f7460ff15f39862012c9d0d78+4
Patches
🔴Vulnerability Details
7OSV▶
linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oem-6.8, linux-oracle, linux-oracle-6.8, linux-raspi vulnerabilities↗2024-12-12