nvd-json-data-feeds/CVE-2024/CVE-2024-531xx/CVE-2024-53151.json

{
  "id": "CVE-2024-53151",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-12-24T12:15:23.240",
  "lastModified": "2025-01-07T16:41:42.637",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsvcrdma: Address an integer overflow\n\nDan Carpenter reports:\n> Commit 78147ca8b4a9 (\"svcrdma: Add a \"parsed chunk list\" data\n> structure\") from Jun 22, 2020 (linux-next), leads to the following\n> Smatch static checker warning:\n>\n>\tnet/sunrpc/xprtrdma/svc_rdma_recvfrom.c:498 xdr_check_write_chunk()\n>\twarn: potential user controlled sizeof overflow 'segcount * 4 * 4'\n>\n> net/sunrpc/xprtrdma/svc_rdma_recvfrom.c\n>     488 static bool xdr_check_write_chunk(struct svc_rdma_recv_ctxt *rctxt)\n>     489 {\n>     490         u32 segcount;\n>     491         __be32 *p;\n>     492\n>     493         if (xdr_stream_decode_u32(&rctxt->rc_stream, &segcount))\n>                                                               ^^^^^^^^\n>\n>     494                 return false;\n>     495\n>     496         /* A bogus segcount causes this buffer overflow check to fail. */\n>     497         p = xdr_inline_decode(&rctxt->rc_stream,\n> --> 498                               segcount * rpcrdma_segment_maxsz * sizeof(*p));\n>\n>\n> segcount is an untrusted u32.  On 32bit systems anything >= SIZE_MAX / 16 will\n> have an integer overflow and some those values will be accepted by\n> xdr_inline_decode()."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: svcrdma: soluciona un desbordamiento de enteros Dan Carpenter informa: &gt; Commit 78147ca8b4a9 (\"svcrdma: agrega una estructura de datos de lista de fragmentos analizados\") del 22 de junio de 2020 (linux-next ), conduce a la siguiente &gt; Advertencia del comprobador est\u00e1tico Smatch: &gt; &gt; net/sunrpc/xprtrdma/svc_rdma_recvfrom.c:498 xdr_check_write_chunk() &gt; advertencia: tama\u00f1o de desbordamiento potencial controlado por el usuario 'segcount * 4 * 4' &gt; &gt; net/sunrpc/xprtrdma/svc_rdma_recvfrom.c &gt; 488 static bool xdr_check_write_chunk(struct svc_rdma_recv_ctxt *rctxt) &gt; 489 { &gt; 490 u32 segcount; &gt; 491 __be32 *p; &gt; 492 &gt; 493 if (xdr_stream_decode_u32(&amp;rctxt-&gt;rc_stream, &amp;segcount)) &gt; ^^^^^^^^ &gt; &gt; 494 devuelve falso; &gt; 495 &gt; 496 /* Un recuento de segmentos falso provoca que esta comprobaci\u00f3n de desbordamiento del b\u00fafer falle. */&gt; 497 p = xdr_inline_decode(&amp;rctxt-&gt;rc_stream, &gt; --&gt; 498 segcount * rpcrdma_segment_maxsz * sizeof(*p)); &gt; &gt; &gt; segcount es un u32 que no es de confianza. En sistemas de 32 bits, cualquier cosa &gt;= TAMA\u00d1O_MAX / 16 tendr\u00e1 &gt; un desbordamiento de enteros y algunos de esos valores ser\u00e1n aceptados por &gt; xdr_inline_decode()."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.11",
              "versionEndExcluding": "5.15.174",
              "matchCriteriaId": "419FD073-1517-4FD5-8158-F94BC68A1E89"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.16",
              "versionEndExcluding": "6.1.120",
              "matchCriteriaId": "09AC6122-E2A4-40FE-9D33-268A1B2EC265"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "6.2",
              "versionEndExcluding": "6.6.64",
              "matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "6.7",
              "versionEndExcluding": "6.11.11",
              "matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "6.12",
              "versionEndExcluding": "6.12.2",
              "matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/21e1cf688fb0397788c8dd42e1e0b08d58ac5c7b",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "https://git.kernel.org/stable/c/3c63d8946e578663b868cb9912dac616ea68bfd0",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "https://git.kernel.org/stable/c/4cbc3ba6dc2f746497cade60bcbaa82ae3696689",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "https://git.kernel.org/stable/c/838dd342962cef4c320632a5af48d3c31f2f9877",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "https://git.kernel.org/stable/c/c1f8195bf68edd2cef0f18a4cead394075a54b5a",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "https://git.kernel.org/stable/c/e5c440c227ecdc721f2da0dd88b6358afd1031a7",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ]
    }
  ]
}
Auto-Update: 2024-12-24T13:00:20.073177+00:00 2024-12-24 13:03:44 +00:00			`{`
			`"id": "CVE-2024-53151",`
			`"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",`
			`"published": "2024-12-24T12:15:23.240",`
Auto-Update: 2025-01-07T17:00:28.092861+00:00 2025-01-07 17:03:54 +00:00			`"lastModified": "2025-01-07T16:41:42.637",`
			`"vulnStatus": "Analyzed",`
Auto-Update: 2024-12-24T13:00:20.073177+00:00 2024-12-24 13:03:44 +00:00			`"cveTags": [],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsvcrdma: Address an integer overflow\n\nDan Carpenter reports:\n> Commit 78147ca8b4a9 (\"svcrdma: Add a \"parsed chunk list\" data\n> structure\") from Jun 22, 2020 (linux-next), leads to the following\n> Smatch static checker warning:\n>\n>\tnet/sunrpc/xprtrdma/svc_rdma_recvfrom.c:498 xdr_check_write_chunk()\n>\twarn: potential user controlled sizeof overflow 'segcount * 4 * 4'\n>\n> net/sunrpc/xprtrdma/svc_rdma_recvfrom.c\n> 488 static bool xdr_check_write_chunk(struct svc_rdma_recv_ctxt rctxt)\n> 489 {\n> 490 u32 segcount;\n> 491 __be32 p;\n> 492\n> 493 if (xdr_stream_decode_u32(&rctxt->rc_stream, &segcount))\n> ^^^^^^^^\n>\n> 494 return false;\n> 495\n> 496 /* A bogus segcount causes this buffer overflow check to fail. /\n> 497 p = xdr_inline_decode(&rctxt->rc_stream,\n> --> 498 segcount rpcrdma_segment_maxsz * sizeof(*p));\n>\n>\n> segcount is an untrusted u32. On 32bit systems anything >= SIZE_MAX / 16 will\n> have an integer overflow and some those values will be accepted by\n> xdr_inline_decode()."
Auto-Update: 2024-12-29T03:00:19.366387+00:00 2024-12-29 03:03:44 +00:00			`},`
			`{`
			`"lang": "es",`
			"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: svcrdma: soluciona un desbordamiento de enteros Dan Carpenter informa: > Commit 78147ca8b4a9 (\"svcrdma: agrega una estructura de datos de lista de fragmentos analizados\") del 22 de junio de 2020 (linux-next ), conduce a la siguiente > Advertencia del comprobador est\u00e1tico Smatch: > > net/sunrpc/xprtrdma/svc_rdma_recvfrom.c:498 xdr_check_write_chunk() > advertencia: tama\u00f1o de desbordamiento potencial controlado por el usuario 'segcount * 4 * 4' > > net/sunrpc/xprtrdma/svc_rdma_recvfrom.c > 488 static bool xdr_check_write_chunk(struct svc_rdma_recv_ctxt rctxt) > 489 { > 490 u32 segcount; > 491 __be32 p; > 492 > 493 if (xdr_stream_decode_u32(&rctxt->rc_stream, &segcount)) > ^^^^^^^^ > > 494 devuelve falso; > 495 > 496 /* Un recuento de segmentos falso provoca que esta comprobaci\u00f3n de desbordamiento del b\u00fafer falle. /> 497 p = xdr_inline_decode(&rctxt->rc_stream, > --> 498 segcount rpcrdma_segment_maxsz * sizeof(*p)); > > > segcount es un u32 que no es de confianza. En sistemas de 32 bits, cualquier cosa >= TAMA\u00d1O_MAX / 16 tendr\u00e1 > un desbordamiento de enteros y algunos de esos valores ser\u00e1n aceptados por > xdr_inline_decode()."
Auto-Update: 2024-12-24T13:00:20.073177+00:00 2024-12-24 13:03:44 +00:00			`}`
			`],`
Auto-Update: 2025-01-07T17:00:28.092861+00:00 2025-01-07 17:03:54 +00:00			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",`
			`"baseScore": 5.5,`
			`"baseSeverity": "MEDIUM",`
			`"attackVector": "LOCAL",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "HIGH"`
			`},`
			`"exploitabilityScore": 1.8,`
			`"impactScore": 3.6`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-190"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",`
			`"versionStartIncluding": "5.11",`
			`"versionEndExcluding": "5.15.174",`
			`"matchCriteriaId": "419FD073-1517-4FD5-8158-F94BC68A1E89"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",`
			`"versionStartIncluding": "5.16",`
			`"versionEndExcluding": "6.1.120",`
			`"matchCriteriaId": "09AC6122-E2A4-40FE-9D33-268A1B2EC265"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",`
			`"versionStartIncluding": "6.2",`
			`"versionEndExcluding": "6.6.64",`
			`"matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",`
			`"versionStartIncluding": "6.7",`
			`"versionEndExcluding": "6.11.11",`
			`"matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",`
			`"versionStartIncluding": "6.12",`
			`"versionEndExcluding": "6.12.2",`
			`"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2024-12-24T13:00:20.073177+00:00 2024-12-24 13:03:44 +00:00			`"references": [`
			`{`
			`"url": "https://git.kernel.org/stable/c/21e1cf688fb0397788c8dd42e1e0b08d58ac5c7b",`
Auto-Update: 2025-01-07T17:00:28.092861+00:00 2025-01-07 17:03:54 +00:00			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",`
			`"tags": [`
			`"Patch"`
			`]`
Auto-Update: 2024-12-24T13:00:20.073177+00:00 2024-12-24 13:03:44 +00:00			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/3c63d8946e578663b868cb9912dac616ea68bfd0",`
Auto-Update: 2025-01-07T17:00:28.092861+00:00 2025-01-07 17:03:54 +00:00			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",`
			`"tags": [`
			`"Patch"`
			`]`
Auto-Update: 2024-12-24T13:00:20.073177+00:00 2024-12-24 13:03:44 +00:00			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/4cbc3ba6dc2f746497cade60bcbaa82ae3696689",`
Auto-Update: 2025-01-07T17:00:28.092861+00:00 2025-01-07 17:03:54 +00:00			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",`
			`"tags": [`
			`"Patch"`
			`]`
Auto-Update: 2024-12-24T13:00:20.073177+00:00 2024-12-24 13:03:44 +00:00			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/838dd342962cef4c320632a5af48d3c31f2f9877",`
Auto-Update: 2025-01-07T17:00:28.092861+00:00 2025-01-07 17:03:54 +00:00			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",`
			`"tags": [`
			`"Patch"`
			`]`
Auto-Update: 2024-12-24T13:00:20.073177+00:00 2024-12-24 13:03:44 +00:00			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/c1f8195bf68edd2cef0f18a4cead394075a54b5a",`
Auto-Update: 2025-01-07T17:00:28.092861+00:00 2025-01-07 17:03:54 +00:00			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",`
			`"tags": [`
			`"Patch"`
			`]`
Auto-Update: 2024-12-24T13:00:20.073177+00:00 2024-12-24 13:03:44 +00:00			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/e5c440c227ecdc721f2da0dd88b6358afd1031a7",`
Auto-Update: 2025-01-07T17:00:28.092861+00:00 2025-01-07 17:03:54 +00:00			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",`
			`"tags": [`
			`"Patch"`
			`]`
Auto-Update: 2024-12-24T13:00:20.073177+00:00 2024-12-24 13:03:44 +00:00			`}`
			`]`
			`}`