{"vulnerability": "CVE-2024-57890", "sightings": [{"uuid": "e73ad30a-1771-468b-8104-b7e18c7d7834", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57890", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfrtyqeeic2r", "content": "", "creation_timestamp": "2025-01-15T13:16:48.529608Z"}, {"uuid": "0ef9b03f-b59a-465c-91cf-38292c42bbbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57890", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1756", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-57890\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/uverbs: Prevent integer overflow issue\n\nIn the expression \"cmd.wqe_size * cmd.wr_count\", both variables are u32\nvalues that come from the user so the multiplication can lead to integer\nwrapping.  Then we pass the result to uverbs_request_next_ptr() which also\ncould potentially wrap.  The \"cmd.sge_count * sizeof(struct ib_uverbs_sge)\"\nmultiplication can also overflow on 32bit systems although it's fine on\n64bit systems.\n\nThis patch does two things.  First, I've re-arranged the condition in\nuverbs_request_next_ptr() so that the use controlled variable \"len\" is on\none side of the comparison by itself without any math.  Then I've modified\nall the callers to use size_mul() for the multiplications.\n\ud83d\udccf Published: 2025-01-15T13:05:42.690Z\n\ud83d\udccf Modified: 2025-01-15T13:05:42.690Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/c57721b24bd897338a81a0ca5fff41600f0f1ad1\n2. https://git.kernel.org/stable/c/42a6eb4ed7a9a41ba0b83eb0c7e0225b5fca5608\n3. https://git.kernel.org/stable/c/c2f961c46ea0e5274c5c320d007c2dd949cf627a\n4. https://git.kernel.org/stable/c/346db03e9926ab7117ed9bf19665699c037c773c\n5. https://git.kernel.org/stable/c/b92667f755749cf10d9ef1088865c555ae83ffb7\n6. https://git.kernel.org/stable/c/b3ef4ae713360501182695dd47d6b4f6e1a43eb8\n7. https://git.kernel.org/stable/c/d0257e089d1bbd35c69b6c97ff73e3690ab149a9", "creation_timestamp": "2025-01-15T14:26:39.000000Z"}, {"uuid": "09cfc369-f77a-453e-b2fc-a46863638bee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57890", "type": "seen", "source": "https://t.me/cvedetector/15457", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57890 - Linux Kernel RDMA/uverbs Integer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-57890 \nPublished : Jan. 15, 2025, 1:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nRDMA/uverbs: Prevent integer overflow issue  \n  \nIn the expression \"cmd.wqe_size * cmd.wr_count\", both variables are u32  \nvalues that come from the user so the multiplication can lead to integer  \nwrapping.  Then we pass the result to uverbs_request_next_ptr() which also  \ncould potentially wrap.  The \"cmd.sge_count * sizeof(struct ib_uverbs_sge)\"  \nmultiplication can also overflow on 32bit systems although it's fine on  \n64bit systems.  \n  \nThis patch does two things.  First, I've re-arranged the condition in  \nuverbs_request_next_ptr() so that the use controlled variable \"len\" is on  \none side of the comparison by itself without any math.  Then I've modified  \nall the callers to use size_mul() for the multiplications. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-15T15:07:04.000000Z"}]}