PT-2024-10196 · Linux+6 · Linux Kernel+6
Dan Carpenter
·
Published
2024-11-11
·
Updated
2025-10-03
·
CVE-2024-53151
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to an integer overflow in the svcrdma component of the Linux kernel. This overflow can be triggered by a user-controlled value, potentially allowing an attacker to execute arbitrary code. The problem arises from a commit in the Linux kernel that introduced a "parsed chunk list" data structure, leading to a warning from the Smatch static checker about a potential user-controlled sizeof overflow. The
segcount variable, an untrusted u32, is used in a calculation that can cause an integer overflow on 32-bit systems, which may be accepted by xdr inline decode().Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu