CVE-2024-53161

Summary

In the Linux kernel, the following vulnerability has been resolved:

EDAC/bluefield: Fix potential integer overflow

The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with DIMM index. With mem_ctrl_idx defined as 32-bits wide the left-shift operation truncates the upper 16 bits of information during the calculation of the SMC argument.

The mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any potential integer overflow, i.e. loss of data from upper 16 bits.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux82413e562ea6eadfb6de946dcc6f74af31d64e7f < 8cc31cfa36ff37aff399b72faa2ded58110112aeaffected
LinuxLinux82413e562ea6eadfb6de946dcc6f74af31d64e7f < e0269ea7a628fdeddd65b92fe29c09655dbb80b9affected
LinuxLinux82413e562ea6eadfb6de946dcc6f74af31d64e7f < 4ad7033de109d0fec99086f352f58a3412e378b8affected
LinuxLinux82413e562ea6eadfb6de946dcc6f74af31d64e7f < 578ca89b04680145d41011e7cec8806fefbb59e7affected
LinuxLinux82413e562ea6eadfb6de946dcc6f74af31d64e7f < ac6ebb9edcdb7077e841862c402697c4c48a7c0aaffected
LinuxLinux82413e562ea6eadfb6de946dcc6f74af31d64e7f < fdb90006184aa84c7b4e09144ed0936d4e1891a7affected
LinuxLinux82413e562ea6eadfb6de946dcc6f74af31d64e7f < 000930193fe5eb79ce5563ee2e9ddb0c6e4e1bb5affected
LinuxLinux82413e562ea6eadfb6de946dcc6f74af31d64e7f < 1fe774a93b46bb029b8f6fa9d1f25affa53f06c6affected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux5.4.287 <= 5.4.*unaffected
LinuxLinux5.10.231 <= 5.10.*unaffected
LinuxLinux5.15.174 <= 5.15.*unaffected
LinuxLinux6.1.120 <= 6.1.*unaffected
LinuxLinux6.6.64 <= 6.6.*unaffected
LinuxLinux6.11.11 <= 6.11.*unaffected
LinuxLinux6.12.2 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References