CVE-2024-40990

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq max_sge attribute max_sge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1e692244bf7dd827dd72edc6c4a3b36ae572f03c	Patch
https://git.kernel.org/stable/c/36ab7ada64caf08f10ee5a114d39964d1f91e81d	Patch
https://git.kernel.org/stable/c/4ab99e3613139f026d2d8ba954819e2876120ab3	Patch
https://git.kernel.org/stable/c/7186b81c1f15e39069b1af172c6a951728ed3511	Patch
https://git.kernel.org/stable/c/999586418600b4b3b93c2a0edd3a4ca71ee759bf	Patch
https://git.kernel.org/stable/c/e0deb0e9c967b61420235f7f17a4450b4b4d6ce2	Patch
https://git.kernel.org/stable/c/1e692244bf7dd827dd72edc6c4a3b36ae572f03c	Patch
https://git.kernel.org/stable/c/36ab7ada64caf08f10ee5a114d39964d1f91e81d	Patch
https://git.kernel.org/stable/c/4ab99e3613139f026d2d8ba954819e2876120ab3	Patch
https://git.kernel.org/stable/c/7186b81c1f15e39069b1af172c6a951728ed3511	Patch
https://git.kernel.org/stable/c/999586418600b4b3b93c2a0edd3a4ca71ee759bf	Patch
https://git.kernel.org/stable/c/e0deb0e9c967b61420235f7f17a4450b4b4d6ce2	Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc4::::::

History

03 Nov 2025, 22:17

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html -

06 Oct 2025, 20:56

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/1e692244bf7dd827dd72edc6c4a3b36ae572f03c -~~	() https://git.kernel.org/stable/c/1e692244bf7dd827dd72edc6c4a3b36ae572f03c - Patch
References	~~() https://git.kernel.org/stable/c/36ab7ada64caf08f10ee5a114d39964d1f91e81d -~~	() https://git.kernel.org/stable/c/36ab7ada64caf08f10ee5a114d39964d1f91e81d - Patch
References	~~() https://git.kernel.org/stable/c/4ab99e3613139f026d2d8ba954819e2876120ab3 -~~	() https://git.kernel.org/stable/c/4ab99e3613139f026d2d8ba954819e2876120ab3 - Patch
References	~~() https://git.kernel.org/stable/c/7186b81c1f15e39069b1af172c6a951728ed3511 -~~	() https://git.kernel.org/stable/c/7186b81c1f15e39069b1af172c6a951728ed3511 - Patch
References	~~() https://git.kernel.org/stable/c/999586418600b4b3b93c2a0edd3a4ca71ee759bf -~~	() https://git.kernel.org/stable/c/999586418600b4b3b93c2a0edd3a4ca71ee759bf - Patch
References	~~() https://git.kernel.org/stable/c/e0deb0e9c967b61420235f7f17a4450b4b4d6ce2 -~~	() https://git.kernel.org/stable/c/e0deb0e9c967b61420235f7f17a4450b4b4d6ce2 - Patch
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel:6.10:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc4:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.10:rc1::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		NVD-CWE-noinfo

21 Nov 2024, 09:32

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/1e692244bf7dd827dd72edc6c4a3b36ae572f03c -~~	() https://git.kernel.org/stable/c/1e692244bf7dd827dd72edc6c4a3b36ae572f03c -
References	~~() https://git.kernel.org/stable/c/36ab7ada64caf08f10ee5a114d39964d1f91e81d -~~	() https://git.kernel.org/stable/c/36ab7ada64caf08f10ee5a114d39964d1f91e81d -
References	~~() https://git.kernel.org/stable/c/4ab99e3613139f026d2d8ba954819e2876120ab3 -~~	() https://git.kernel.org/stable/c/4ab99e3613139f026d2d8ba954819e2876120ab3 -
References	~~() https://git.kernel.org/stable/c/7186b81c1f15e39069b1af172c6a951728ed3511 -~~	() https://git.kernel.org/stable/c/7186b81c1f15e39069b1af172c6a951728ed3511 -
References	~~() https://git.kernel.org/stable/c/999586418600b4b3b93c2a0edd3a4ca71ee759bf -~~	() https://git.kernel.org/stable/c/999586418600b4b3b93c2a0edd3a4ca71ee759bf -
References	~~() https://git.kernel.org/stable/c/e0deb0e9c967b61420235f7f17a4450b4b4d6ce2 -~~	() https://git.kernel.org/stable/c/e0deb0e9c967b61420235f7f17a4450b4b4d6ce2 -
Summary		(es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: RDMA/mlx5: Agregar verificación para el atributo srq max_sge El usuario pasa el atributo max_sge, se inserta y se usa sin marcar, así que verifique que el valor no exceda el valor máximo permitido antes usándolo.

12 Jul 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-12 13:15

Updated : 2025-11-03 22:17

NVD link : CVE-2024-40990

Mitre link : CVE-2024-40990

CVE.ORG link : CVE-2024-40990

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10