CVE-2024-40992

Published: Jul 12, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently dropped by the responder. The responder then waits for a new request packet. commit 689c5421bfe0 ("RDMA/rxe: Fix incorrect responder length checking") defers responder length check for UD QPs in function `copy_data`. But it introduces a regression issue for UD QPs. When the packet size is too large to fit in the receive buffer. `copy_data` will return error code -EINVAL. Then `send_data_in` will return RESPST_ERR_MALFORMED_WQE. UD QP will transfer into ERROR state.

Vendor	Product	Versions
Linux	Linux	affected `689c5421bfe0eac65526bd97a466b9590a6aad3c - < 163868ec1f6c610d16da9e458fe1dd7d5de97341` affected `689c5421bfe0eac65526bd97a466b9590a6aad3c - < 943c94f41dfe36536dc9aaa12c9efdf548ceb996` affected `689c5421bfe0eac65526bd97a466b9590a6aad3c - < f67ac0061c7614c1548963d3ef1ee1606efd8636`
Linux	Linux	affected `6.2` unaffected `0 - < 6.2` unaffected `6.6.36 - <= 6.6.` unaffected `6.9.7 - <= 6.9.` unaffected `6.10 - <= *`

References

https://git.kernel.org/stable/c/163868ec1f6c610d16da9e458fe1dd7d5de97341

https://git.kernel.org/stable/c/943c94f41dfe36536dc9aaa12c9efdf548ceb996

https://git.kernel.org/stable/c/f67ac0061c7614c1548963d3ef1ee1606efd8636

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-40992

Description

Affected Products

References