PT-2024-6981 · Linux+6 · Linux Kernel+6
Published: 2024-06-28 · Updated: 2025-09-29 · CVE-2024-42148
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is an out-of-bounds read/write on the array "struct stats_query_entry query" inside the "bnx2x_fw_stats_req" struct in "drivers/net/ethernet/broadcom/bnx2x/bnx2x.h". It occurs on a system with 32 or more physical CPU cores, or when the user sets the number of Ethernet queues to a value greater than or equal to FP_SB_MAX_E1x with the num_queues module parameter. The array has a total size of 19, and accesses to it are offset by BNX2X_FIRST_QUEUE_QUERY_IDX. The total number of Ethernet queues should therefore not exceed FP_SB_MAX_E1x (16), but one of these queues is reserved for FCOE. The number of Ethernet queues should be set to [FP_SB_MAX_E1x - 1] (15) if FCOE is enabled or [FP_SB_MAX_E1x] (16) if it is not.
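The bound described above, as an added user-space model (not the kernel's code and not the upstream patch). The struct body, the helper names and the placement of the FCOE entry after the Ethernet queue entries are assumptions; the offset value is derived from the stated sizes (19 - 16).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* From the description: FP_SB_MAX_E1x is 16 and the array holds 19 entries. */
#define FP_SB_MAX_E1x 16
#define QUERY_ENTRIES 19
/* Derived here as 19 - 16; per-queue entries start at this index. */
#define BNX2X_FIRST_QUEUE_QUERY_IDX (QUERY_ENTRIES - FP_SB_MAX_E1x)

struct stats_query_entry { unsigned int queue_id; }; /* simplified stand-in */

/* Hypothetical helper: clamp a requested Ethernet queue count (num_queues or
 * a CPU-count default) to the limit the description gives. */
static unsigned int clamp_eth_queues(unsigned int requested, bool fcoe)
{
    unsigned int max = fcoe ? FP_SB_MAX_E1x - 1 : FP_SB_MAX_E1x;
    if (requested == 0)
        return 1;
    return requested > max ? max : requested;
}

/* Hypothetical model: one entry per Ethernet queue, then one for FCOE
 * (assumed layout). Every index is validated before the write; the return
 * value is how many writes would have landed outside the array. */
static unsigned int fill_queue_stats(struct stats_query_entry *query,
                                     unsigned int eth_queues, bool fcoe)
{
    unsigned int total = eth_queues + (fcoe ? 1 : 0), rejected = 0;

    for (unsigned int i = 0; i < total; i++) {
        size_t idx = (size_t)BNX2X_FIRST_QUEUE_QUERY_IDX + i;
        if (idx >= QUERY_ENTRIES) { /* validate the index before writing */
            rejected++;
            continue;
        }
        query[idx].queue_id = i;
    }
    return rejected;
}

int main(void)
{
    struct stats_query_entry query[QUERY_ENTRIES] = {0};
    unsigned int n = clamp_eth_queues(32, true);
    printf("unclamped: %u rejected, clamped to %u: %u rejected\n",
           fill_queue_stats(query, 32, true), n, fill_queue_stats(query, n, true));
    return 0;
}
```

With 16 queues and FCOE enabled the model rejects exactly one entry, which is the off-by-one the 15-queue limit avoids.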
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Validation of Array Index
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu