CVE-2024-40992
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-40992
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40992.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-40992
- Downstream
- Related
- Published
- 2024-07-12T12:37:35.800Z
- Modified
- 2025-11-20T05:08:37.569286Z
- Summary
- RDMA/rxe: Fix responder length checking for UD request packets
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rxe: Fix responder length checking for UD request packets
According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently dropped by the responder. The responder then waits for a new request packet.
commit 689c5421bfe0 ("RDMA/rxe: Fix incorrect responder length checking") defers responder length check for UD QPs in function
copy_data. But it introduces a regression issue for UD QPs.When the packet size is too large to fit in the receive buffer.
copy_datawill return error code -EINVAL. Thensend_data_inwill return RESPSTERRMALFORMED_WQE. UD QP will transfer into ERROR state. - References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced689c5421bfe0eac65526bd97a466b9590a6aad3cFixed163868ec1f6c610d16da9e458fe1dd7d5de97341
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced689c5421bfe0eac65526bd97a466b9590a6aad3cFixed943c94f41dfe36536dc9aaa12c9efdf548ceb996
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced689c5421bfe0eac65526bd97a466b9590a6aad3cFixedf67ac0061c7614c1548963d3ef1ee1606efd8636
Affected versions
v6.*
v6.1
v6.10-rc1
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v6.9.6
Database specific
vanir_signatures
[
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 1100.0,
"function_hash": "138283113660359694044692081624110417933"
},
"id": "CVE-2024-40992-13b890fa",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f67ac0061c7614c1548963d3ef1ee1606efd8636",
"target": {
"file": "drivers/infiniband/sw/rxe/rxe_resp.c",
"function": "rxe_resp_check_length"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"15397375385720512370201820517397891883",
"232624663304750920906176847159319562150",
"334452225461594472724796542370002219672"
]
},
"id": "CVE-2024-40992-2322c9c8",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@163868ec1f6c610d16da9e458fe1dd7d5de97341",
"target": {
"file": "drivers/infiniband/sw/rxe/rxe_resp.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"15397375385720512370201820517397891883",
"232624663304750920906176847159319562150",
"334452225461594472724796542370002219672"
]
},
"id": "CVE-2024-40992-4c48b377",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@943c94f41dfe36536dc9aaa12c9efdf548ceb996",
"target": {
"file": "drivers/infiniband/sw/rxe/rxe_resp.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"15397375385720512370201820517397891883",
"232624663304750920906176847159319562150",
"334452225461594472724796542370002219672"
]
},
"id": "CVE-2024-40992-58af9d6e",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f67ac0061c7614c1548963d3ef1ee1606efd8636",
"target": {
"file": "drivers/infiniband/sw/rxe/rxe_resp.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 1092.0,
"function_hash": "334500847059127156576408223519695189048"
},
"id": "CVE-2024-40992-63864a55",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@163868ec1f6c610d16da9e458fe1dd7d5de97341",
"target": {
"file": "drivers/infiniband/sw/rxe/rxe_resp.c",
"function": "rxe_resp_check_length"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 1100.0,
"function_hash": "138283113660359694044692081624110417933"
},
"id": "CVE-2024-40992-e493031d",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@943c94f41dfe36536dc9aaa12c9efdf548ceb996",
"target": {
"file": "drivers/infiniband/sw/rxe/rxe_resp.c",
"function": "rxe_resp_check_length"
}
}
]