{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-57936", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-01-19T11:50:08.377Z", "datePublished": "2025-01-21T12:01:31.907Z", "dateUpdated": "2025-05-04T10:07:02.896Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T10:07:02.896Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix max SGEs for the Work Request\n\nGen P7 supports up to 13 SGEs for now. WQE software structure\ncan hold only 6 now. Since the max send sge is reported as\n13, the stack can give requests up to 13 SGEs. This is causing\ntraffic failures and system crashes.\n\nUse the define for max SGE supported for variable size. This\nwill work for both static and variable WQEs."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/bnxt_re/qplib_fp.h"], "versions": [{"version": "36e1b6890f228ccfc867031ecedffe50958b25e4", "lessThan": "3de1b50f055dc2ca7072a526cdda21f691c22dd9", "status": "affected", "versionType": "git"}, {"version": "227f51743b61fe3f6fc481f0fb8086bf8c49b8c9", "lessThan": "9a479088e0c8f6140b8c7752b563bc8c6c6dcc8c", "status": "affected", "versionType": "git"}, {"version": "227f51743b61fe3f6fc481f0fb8086bf8c49b8c9", "lessThan": "79d330fbdffd8cee06d8bdf38d82cb62d8363a27", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/bnxt_re/qplib_fp.h"], "versions": [{"version": "6.12", "status": "affected"}, {"version": "0", "lessThan": "6.12", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.9", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.12.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.13"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3de1b50f055dc2ca7072a526cdda21f691c22dd9"}, {"url": "https://git.kernel.org/stable/c/9a479088e0c8f6140b8c7752b563bc8c6c6dcc8c"}, {"url": "https://git.kernel.org/stable/c/79d330fbdffd8cee06d8bdf38d82cb62d8363a27"}], "title": "RDMA/bnxt_re: Fix max SGEs for the Work Request", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix max SGEs for the Work Request\n\nGen P7 supports up to 13 SGEs for now. WQE software structure\ncan hold only 6 now. Since the max send sge is reported as\n13, the stack can give requests up to 13 SGEs. This is causing\ntraffic failures and system crashes.\n\nUse the define for max SGE supported for variable size. This\nwill work for both static and variable WQEs."}], "id": "CVE-2024-57936", "lastModified": "2025-01-21T12:15:27.257", "metrics": {}, "published": "2025-01-21T12:15:27.257", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3de1b50f055dc2ca7072a526cdda21f691c22dd9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/79d330fbdffd8cee06d8bdf38d82cb62d8363a27"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9a479088e0c8f6140b8c7752b563bc8c6c6dcc8c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: RDMA/bnxt_re: Fix max SGEs for the Work Request", "id": "2339128", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339128"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nRDMA/bnxt_re: Fix max SGEs for the Work Request\nGen P7 supports up to 13 SGEs for now. WQE software structure\ncan hold only 6 now. Since the max send sge is reported as\n13, the stack can give requests up to 13 SGEs. This is causing\ntraffic failures and system crashes.\nUse the define for max SGE supported for variable size. This\nwill work for both static and variable WQEs."], "name": "CVE-2024-57936", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-01-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-57936\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-57936\nhttps://lore.kernel.org/linux-cve-announce/2025012149-CVE-2024-57936-03a6@gregkh/T"], "threat_severity": "Low"}