{"id":"CVE-2024-57890","summary":"RDMA/uverbs: Prevent integer overflow issue","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/uverbs: Prevent integer overflow issue\n\nIn the expression \"cmd.wqe_size * cmd.wr_count\", both variables are u32\nvalues that come from the user so the multiplication can lead to integer\nwrapping.  Then we pass the result to uverbs_request_next_ptr() which also\ncould potentially wrap.  The \"cmd.sge_count * sizeof(struct ib_uverbs_sge)\"\nmultiplication can also overflow on 32bit systems although it's fine on\n64bit systems.\n\nThis patch does two things.  First, I've re-arranged the condition in\nuverbs_request_next_ptr() so that the use controlled variable \"len\" is on\none side of the comparison by itself without any math.  Then I've modified\nall the callers to use size_mul() for the multiplications.","modified":"2026-04-16T04:34:54.087535643Z","published":"2025-01-15T13:05:42.690Z","related":["SUSE-SU-2025:0289-1","SUSE-SU-2025:0428-1","SUSE-SU-2025:0499-1","SUSE-SU-2025:0557-1","SUSE-SU-2025:0565-1","SUSE-SU-2025:20165-1","SUSE-SU-2025:20166-1","SUSE-SU-2025:20248-1","SUSE-SU-2025:20249-1","USN-7379-2","USN-7380-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57890.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/346db03e9926ab7117ed9bf19665699c037c773c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/42a6eb4ed7a9a41ba0b83eb0c7e0225b5fca5608"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b3ef4ae713360501182695dd47d6b4f6e1a43eb8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b92667f755749cf10d9ef1088865c555ae83ffb7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c2f961c46ea0e5274c5c320d007c2dd949cf627a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c57721b24bd897338a81a0ca5fff41600f0f1ad1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d0257e089d1bbd35c69b6c97ff73e3690ab149a9"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57890.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-57890"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"67cdb40ca444c09853ab4d8a41cf547ac26a4de4"},{"fixed":"c57721b24bd897338a81a0ca5fff41600f0f1ad1"},{"fixed":"42a6eb4ed7a9a41ba0b83eb0c7e0225b5fca5608"},{"fixed":"c2f961c46ea0e5274c5c320d007c2dd949cf627a"},{"fixed":"346db03e9926ab7117ed9bf19665699c037c773c"},{"fixed":"b92667f755749cf10d9ef1088865c555ae83ffb7"},{"fixed":"b3ef4ae713360501182695dd47d6b4f6e1a43eb8"},{"fixed":"d0257e089d1bbd35c69b6c97ff73e3690ab149a9"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-57890.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}