CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-57973: rdma/cxgb4: Prevent potential integer overflow on 32bit

Description

In the Linux kernel, the following vulnerability has been resolved:

rdma/cxgb4: Prevent potential integer overflow on 32bit

The "gl->tot_len" variable is controlled by the user. It comes from
process_responses(). On 32bit systems, the "gl->tot_len + sizeof(struct
cpl_pass_accept_req) + sizeof(struct rss_header)" addition could have an
integer wrapping bug. Use size_add() to prevent this.

Classification

CVE ID: CVE-2024-57973

Affected Products

Vendor: Linux, Linux

Product: Linux, Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 1.76% (scored less or equal to compared to others)

EPSS Date: 2025-03-27 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-57973
https://git.kernel.org/stable/c/4422f452d028850b9cc4fd8f1cf45a8ff91855eb
https://git.kernel.org/stable/c/de8d88b68d0cfd41152a7a63d6aec0ed3e1b837a
https://git.kernel.org/stable/c/dd352107f22bfbecbbf3b74bde14f3f932296309
https://git.kernel.org/stable/c/aeb814484387811b3579d5c78ad4eb301e3bf1c8
https://git.kernel.org/stable/c/bd96a3935e89486304461a21752f824fc25e0f0b

Timeline