CVE-2024-49568

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-49568
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-49568.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-49568
Downstream
Related
Published
2025-01-11T12:35:36.190Z
Modified
2026-03-23T04:59:57.641135309Z
Summary
net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg
Details

In the Linux kernel, the following vulnerability has been resolved:

net/smc: check v2extoffset/eidcnt/ismgid_cnt when receiving proposal msg

When receiving proposal msg in server, the fields v2extoffset/ eidcnt/ismgidcnt in proposal msg are from the remote client and can not be fully trusted. Especially the field v2ext_offset, once exceed the max value, there has the chance to access wrong address, and crash may happen.

This patch checks the fields v2extoffset/eidcnt/ismgid_cnt before using them.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49568.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8c3dca341aea885249e08856c4380300b75d2cf5
Fixed
295a92e3df32e72aff0f4bc25c310e349d07ffbf
Fixed
42f6beb2d5779429417b5f8115a4e3fa695d2a6c
Fixed
7863c9f3d24ba49dbead7e03dfbe40deb5888fdf

Affected versions

v5.*
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.9
v5.9-rc7
v5.9-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.2
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.13-rc1
v6.13-rc2
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures 
[
    {
        "digest": {
            "length": 1336.0,
            "function_hash": "1870292945537675156512157701112626631"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2024-49568-0345f9c4",
        "target": {
            "function": "smc_find_rdma_v2_device_serv",
            "file": "net/smc/af_smc.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@295a92e3df32e72aff0f4bc25c310e349d07ffbf"
    },
    {
        "digest": {
            "length": 298.0,
            "function_hash": "177703179572212957664810212119129815142"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2024-49568-06620049",
        "target": {
            "function": "smc_get_clc_v2_ext",
            "file": "net/smc/smc_clc.h"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@295a92e3df32e72aff0f4bc25c310e349d07ffbf"
    },
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "67351709616596157418342034455617755434",
                "213278234263678131731520466084788674999",
                "236012483255719910565828676519813475738",
                "225703758986821659765555943542567274527",
                "109144583777346978687084157564526833059",
                "265069641545940594345877357650531192127",
                "193337372881893928347067545108765690456",
                "165863723098329556814490723680095629860"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2024-49568-2191adc4",
        "target": {
            "file": "net/smc/smc_clc.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@295a92e3df32e72aff0f4bc25c310e349d07ffbf"
    },
    {
        "digest": {
            "length": 964.0,
            "function_hash": "90145872051921243289566070249933143197"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2024-49568-3193ca93",
        "target": {
            "function": "smc_clc_msg_prop_valid",
            "file": "net/smc/smc_clc.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@295a92e3df32e72aff0f4bc25c310e349d07ffbf"
    },
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "230766815980930256013937285471475335453",
                "207295028667246676704957027111654058186",
                "19792493122386602875412571278492523568",
                "320327425251530727183973927616921274568",
                "23513149253462693268306395363539126549"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2024-49568-ecfc525f",
        "target": {
            "file": "net/smc/smc_clc.h"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@295a92e3df32e72aff0f4bc25c310e349d07ffbf"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "109345278224930133096903002835514984580",
                "138079280322008621682742913211087418572",
                "280766311058817991533186329014816248016",
                "108491298748715497869140300071559811953"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2024-49568-f960218c",
        "target": {
            "file": "net/smc/af_smc.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@295a92e3df32e72aff0f4bc25c310e349d07ffbf"
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-49568.json"