CVE-2024-57890

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74

Description The issue concerns an integer overflow problem in the RDMA/uverbs component of the Linux kernel. Specifically, the expression cmd.wqe size * cmd.wr count can lead to integer wrapping because both variables are u32 values that come from the user. This result is then passed to uverbs request next ptr(), which could also potentially wrap. Additionally, the multiplication cmd.sge count * sizeof(struct ib uverbs sge) can overflow on 32-bit systems. To address this, the condition in uverbs request next ptr() has been rearranged, and all callers have been modified to use size mul() for multiplications.

Recommendations For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider restricting the use of the RDMA/uverbs component until the update can be applied.