{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38542", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-18T19:36:34.919Z", "datePublished": "2024-06-19T13:35:17.310Z", "dateUpdated": "2024-12-19T09:04:06.397Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:04:06.397Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mana_ib: boundary check before installing cq callbacks\n\nAdd a boundary check inside mana_ib_install_cq_cb to prevent index overflow."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/mana/cq.c"], "versions": [{"version": "cf9cc859d6ff37ce52c09dfbb169b9ee25595a3f", "lessThan": "f12afddfb142587d786df9e3cc4862190d3e2ec8", "status": "affected", "versionType": "git"}, {"version": "2a31c5a7e0d87959a03e846523013c75f4395a91", "lessThan": "168f6fbde0eabd71d1f4133df7d001a950b96977", "status": "affected", "versionType": "git"}, {"version": "2a31c5a7e0d87959a03e846523013c75f4395a91", "lessThan": "f79edef79b6a2161f4124112f9b0c46891bb0b74", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/mana/cq.c"], "versions": [{"version": "6.9", "status": "affected"}, {"version": "0", "lessThan": "6.9", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.12", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.3", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/f12afddfb142587d786df9e3cc4862190d3e2ec8"}, {"url": "https://git.kernel.org/stable/c/168f6fbde0eabd71d1f4133df7d001a950b96977"}, {"url": "https://git.kernel.org/stable/c/f79edef79b6a2161f4124112f9b0c46891bb0b74"}], "title": "RDMA/mana_ib: boundary check before installing cq callbacks", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-20T15:44:47.071270Z", "id": "CVE-2024-38542", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T16:22:42.359Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.624Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f12afddfb142587d786df9e3cc4862190d3e2ec8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/168f6fbde0eabd71d1f4133df7d001a950b96977", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f79edef79b6a2161f4124112f9b0c46891bb0b74", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f12afddfb142587d786df9e3cc4862190d3e2ec8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/168f6fbde0eabd71d1f4133df7d001a950b96977", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f79edef79b6a2161f4124112f9b0c46891bb0b74", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.624Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-38542", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-20T15:44:47.071270Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T15:44:55.519Z"}}], "cna": {"title": "RDMA/mana_ib: boundary check before installing cq callbacks", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "cf9cc859d6ff", "lessThan": "f12afddfb142", "versionType": "git"}, {"status": "affected", "version": "2a31c5a7e0d8", "lessThan": "168f6fbde0ea", "versionType": "git"}, {"status": "affected", "version": "2a31c5a7e0d8", "lessThan": "f79edef79b6a", "versionType": "git"}], "programFiles": ["drivers/infiniband/hw/mana/cq.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.9"}, {"status": "unaffected", "version": "0", "lessThan": "6.9", "versionType": "semver"}, {"status": "unaffected", "version": "6.8.12", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9.3", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/infiniband/hw/mana/cq.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/f12afddfb142587d786df9e3cc4862190d3e2ec8"}, {"url": "https://git.kernel.org/stable/c/168f6fbde0eabd71d1f4133df7d001a950b96977"}, {"url": "https://git.kernel.org/stable/c/f79edef79b6a2161f4124112f9b0c46891bb0b74"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mana_ib: boundary check before installing cq callbacks\n\nAdd a boundary check inside mana_ib_install_cq_cb to prevent index overflow."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:29:33.296Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38542", "state": "PUBLISHED", "dateUpdated": "2024-11-07T16:22:42.359Z", "dateReserved": "2024-06-18T19:36:34.919Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-19T13:35:17.310Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mana_ib: boundary check before installing cq callbacks\n\nAdd a boundary check inside mana_ib_install_cq_cb to prevent index overflow."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: RDMA/mana_ib: verificaci\u00f3n de los l\u00edmites antes de instalar devoluciones de llamadas de cq Agregue una verificaci\u00f3n de los l\u00edmites dentro de mana_ib_install_cq_cb para evitar el desbordamiento del \u00edndice."}], "id": "CVE-2024-38542", "lastModified": "2024-11-21T09:26:17.937", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-19T14:15:14.487", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/168f6fbde0eabd71d1f4133df7d001a950b96977"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f12afddfb142587d786df9e3cc4862190d3e2ec8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f79edef79b6a2161f4124112f9b0c46891bb0b74"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/168f6fbde0eabd71d1f4133df7d001a950b96977"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/f12afddfb142587d786df9e3cc4862190d3e2ec8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/f79edef79b6a2161f4124112f9b0c46891bb0b74"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: RDMA/mana_ib: boundary check before installing cq callbacks", "id": "2293457", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293457"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-119", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nRDMA/mana_ib: boundary check before installing cq callbacks\nAdd a boundary check inside mana_ib_install_cq_cb to prevent index overflow."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-38542", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-38542\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38542\nhttps://lore.kernel.org/linux-cve-announce/2024061948-CVE-2024-38542-2481@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.8.12, kernel 6.9.3, kernel 6.10-rc1"}