PT-2025-3661 · Linux+2 · Linux Kernel+2

Published: 2024-12-04 · Updated: 2025-10-15 · CVE-2024-57936

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is in the RDMA/bnxt_re component of the Linux kernel, where the maximum number of SGEs (Scatter-Gather Elements) for a Work Request is not handled correctly. Gen P7 supports up to 13 SGEs, but the WQE (Work Queue Entry) software structure can hold only 6. Because of this discrepancy, the stack can send requests with up to 13 SGEs, leading to traffic failures and system crashes. The fix uses the define for the maximum SGEs supported for variable size, which works for both static and variable WQEs.

Recommendations

Use the define for the maximum SGEs supported for variable size to resolve the issue. This works for both static and variable WQEs.

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2025-01867
CVE-2024-57936
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1

Affected Products

Astra Linux
Linux Kernel
Suse