{"id":"CVE-2024-53151","summary":"svcrdma: Address an integer overflow","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nsvcrdma: Address an integer overflow\n\nDan Carpenter reports:\n\u003e Commit 78147ca8b4a9 (\"svcrdma: Add a \"parsed chunk list\" data\n\u003e structure\") from Jun 22, 2020 (linux-next), leads to the following\n\u003e Smatch static checker warning:\n\u003e\n\u003e\tnet/sunrpc/xprtrdma/svc_rdma_recvfrom.c:498 xdr_check_write_chunk()\n\u003e\twarn: potential user controlled sizeof overflow 'segcount * 4 * 4'\n\u003e\n\u003e net/sunrpc/xprtrdma/svc_rdma_recvfrom.c\n\u003e     488 static bool xdr_check_write_chunk(struct svc_rdma_recv_ctxt *rctxt)\n\u003e     489 {\n\u003e     490         u32 segcount;\n\u003e     491         __be32 *p;\n\u003e     492\n\u003e     493         if (xdr_stream_decode_u32(&rctxt-\u003erc_stream, &segcount))\n\u003e                                                               ^^^^^^^^\n\u003e\n\u003e     494                 return false;\n\u003e     495\n\u003e     496         /* A bogus segcount causes this buffer overflow check to fail. */\n\u003e     497         p = xdr_inline_decode(&rctxt-\u003erc_stream,\n\u003e --\u003e 498                               segcount * rpcrdma_segment_maxsz * sizeof(*p));\n\u003e\n\u003e\n\u003e segcount is an untrusted u32.  On 32bit systems anything \u003e= SIZE_MAX / 16 will\n\u003e have an integer overflow and some those values will be accepted by\n\u003e xdr_inline_decode().","modified":"2026-03-20T12:40:46.975765Z","published":"2024-12-24T11:28:50.917Z","related":["SUSE-SU-2025:0117-1","SUSE-SU-2025:0153-1","SUSE-SU-2025:0154-1","SUSE-SU-2025:0289-1","SUSE-SU-2025:0556-1","SUSE-SU-2025:0577-1","SUSE-SU-2025:0577-2","SUSE-SU-2025:20165-1","SUSE-SU-2025:20166-1","SUSE-SU-2025:20248-1","SUSE-SU-2025:20249-1","USN-7276-1","USN-7277-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53151.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/21e1cf688fb0397788c8dd42e1e0b08d58ac5c7b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3c63d8946e578663b868cb9912dac616ea68bfd0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4cbc3ba6dc2f746497cade60bcbaa82ae3696689"},{"type":"WEB","url":"https://git.kernel.org/stable/c/838dd342962cef4c320632a5af48d3c31f2f9877"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c1f8195bf68edd2cef0f18a4cead394075a54b5a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e5c440c227ecdc721f2da0dd88b6358afd1031a7"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53151.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53151"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"78147ca8b4a9b6cf0e597ddd6bf17959e08376c2"},{"fixed":"21e1cf688fb0397788c8dd42e1e0b08d58ac5c7b"},{"fixed":"c1f8195bf68edd2cef0f18a4cead394075a54b5a"},{"fixed":"838dd342962cef4c320632a5af48d3c31f2f9877"},{"fixed":"4cbc3ba6dc2f746497cade60bcbaa82ae3696689"},{"fixed":"e5c440c227ecdc721f2da0dd88b6358afd1031a7"},{"fixed":"3c63d8946e578663b868cb9912dac616ea68bfd0"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53151.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}