mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
### [CVE-2024-53151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53151)

### Description

In the Linux kernel, the following vulnerability has been resolved:

svcrdma: Address an integer overflow

Dan Carpenter reports:

> Commit 78147ca8b4a9 ("svcrdma: Add a "parsed chunk list" data
> structure") from Jun 22, 2020 (linux-next), leads to the following
> Smatch static checker warning:
>
> net/sunrpc/xprtrdma/svc_rdma_recvfrom.c:498 xdr_check_write_chunk()
> warn: potential user controlled sizeof overflow 'segcount * 4 * 4'
>
> net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
> ```
>     488 static bool xdr_check_write_chunk(struct svc_rdma_recv_ctxt *rctxt)
>     489 {
>     490         u32 segcount;
>     491         __be32 *p;
>     492
>     493         if (xdr_stream_decode_u32(&rctxt->rc_stream, &segcount))
>                                                               ^^^^^^^^
>
>     494                 return false;
>     495
>     496         /* A bogus segcount causes this buffer overflow check to fail. */
>     497         p = xdr_inline_decode(&rctxt->rc_stream,
> --> 498                               segcount * rpcrdma_segment_maxsz * sizeof(*p));
> ```
>
> segcount is an untrusted u32. On 32bit systems anything >= SIZE_MAX / 16 will
> have an integer overflow and some of those values will be accepted by
> xdr_inline_decode().

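The wrap described in the report, shown next to a length check that cannot overflow. This is an added example, not kernel code and not the upstream fix. It assumes `uint32_t` as a model of a 32-bit `size_t`, and `stream_has()` is a hypothetical stand-in for the bounds test inside `xdr_inline_decode()`; the sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SEGMENT_WORDS 4u /* rpcrdma_segment_maxsz, from the warning's 'segcount * 4 * 4' */
#define WORD_BYTES    4u /* sizeof(__be32) */

/* Byte length as a 32-bit size_t computes it: the product wraps modulo 2^32. */
static uint32_t unchecked_len32(uint32_t segcount)
{
    return segcount * SEGMENT_WORDS * WORD_BYTES;
}

/* Hypothetical stand-in for the bounds test in xdr_inline_decode(). */
static bool stream_has(uint32_t remaining, uint32_t nbytes)
{
    return nbytes <= remaining;
}

/* Pattern from the report: the already-wrapped length is what gets checked. */
static bool check_chunk_unchecked(uint32_t remaining, uint32_t segcount)
{
    return stream_has(remaining, unchecked_len32(segcount));
}

/* Hardened variant: bound segcount by division, so nothing can wrap. */
static bool check_chunk_checked(uint32_t remaining, uint32_t segcount)
{
    const uint32_t per_seg = SEGMENT_WORDS * WORD_BYTES; /* 16 bytes */

    return segcount <= remaining / per_seg;
}

int main(void)
{
    const uint32_t remaining = 64;      /* constructed: bytes left in the stream */
    const uint32_t bogus = 0x10000001u; /* constructed: 16 * bogus wraps to 16 */

    printf("wrapped length:    %u\n", (unsigned)unchecked_len32(bogus));
    printf("unchecked accepts: %d\n", check_chunk_unchecked(remaining, bogus));
    printf("checked accepts:   %d\n", check_chunk_checked(remaining, bogus));
    printf("checked, 4 segs:   %d\n", check_chunk_checked(remaining, 4));
    return 0;
}
```
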
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/w4zu/Debian_security