{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-53161", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-11-19T17:17:25.002Z", "datePublished": "2024-12-24T11:29:01.938Z", "dateUpdated": "2025-01-20T06:20:05.345Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-01-20T06:20:05.345Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nEDAC/bluefield: Fix potential integer overflow\n\nThe 64-bit argument for the \"get DIMM info\" SMC call consists of mem_ctrl_idx\nleft-shifted 16 bits and OR-ed with DIMM index. With mem_ctrl_idx defined as\n32-bits wide the left-shift operation truncates the upper 16 bits of\ninformation during the calculation of the SMC argument.\n\nThe mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any\npotential integer overflow, i.e. loss of data from upper 16 bits."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/edac/bluefield_edac.c"], "versions": [{"version": "82413e562ea6eadfb6de946dcc6f74af31d64e7f", "lessThan": "8cc31cfa36ff37aff399b72faa2ded58110112ae", "status": "affected", "versionType": "git"}, {"version": "82413e562ea6eadfb6de946dcc6f74af31d64e7f", "lessThan": "e0269ea7a628fdeddd65b92fe29c09655dbb80b9", "status": "affected", "versionType": "git"}, {"version": "82413e562ea6eadfb6de946dcc6f74af31d64e7f", "lessThan": "4ad7033de109d0fec99086f352f58a3412e378b8", "status": "affected", "versionType": "git"}, {"version": "82413e562ea6eadfb6de946dcc6f74af31d64e7f", "lessThan": "578ca89b04680145d41011e7cec8806fefbb59e7", "status": "affected", "versionType": "git"}, {"version": "82413e562ea6eadfb6de946dcc6f74af31d64e7f", "lessThan": "ac6ebb9edcdb7077e841862c402697c4c48a7c0a", "status": "affected", "versionType": "git"}, {"version": "82413e562ea6eadfb6de946dcc6f74af31d64e7f", "lessThan": "fdb90006184aa84c7b4e09144ed0936d4e1891a7", "status": "affected", "versionType": "git"}, {"version": "82413e562ea6eadfb6de946dcc6f74af31d64e7f", "lessThan": "000930193fe5eb79ce5563ee2e9ddb0c6e4e1bb5", "status": "affected", "versionType": "git"}, {"version": "82413e562ea6eadfb6de946dcc6f74af31d64e7f", "lessThan": "1fe774a93b46bb029b8f6fa9d1f25affa53f06c6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/edac/bluefield_edac.c"], "versions": [{"version": "5.4", "status": "affected"}, {"version": "0", "lessThan": "5.4", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.287", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.231", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.174", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.120", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.64", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.11", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.2", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/8cc31cfa36ff37aff399b72faa2ded58110112ae"}, {"url": "https://git.kernel.org/stable/c/e0269ea7a628fdeddd65b92fe29c09655dbb80b9"}, {"url": "https://git.kernel.org/stable/c/4ad7033de109d0fec99086f352f58a3412e378b8"}, {"url": "https://git.kernel.org/stable/c/578ca89b04680145d41011e7cec8806fefbb59e7"}, {"url": "https://git.kernel.org/stable/c/ac6ebb9edcdb7077e841862c402697c4c48a7c0a"}, {"url": "https://git.kernel.org/stable/c/fdb90006184aa84c7b4e09144ed0936d4e1891a7"}, {"url": "https://git.kernel.org/stable/c/000930193fe5eb79ce5563ee2e9ddb0c6e4e1bb5"}, {"url": "https://git.kernel.org/stable/c/1fe774a93b46bb029b8f6fa9d1f25affa53f06c6"}], "title": "EDAC/bluefield: Fix potential integer overflow", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E513D3B0-506E-425C-A343-5A5F0A6C4F14", "versionEndExcluding": "5.4.287", "versionStartIncluding": "5.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5C644CC-2BD7-4E32-BC54-8DCC7ABE9935", "versionEndExcluding": "5.10.231", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "419FD073-1517-4FD5-8158-F94BC68A1E89", "versionEndExcluding": "5.15.174", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "09AC6122-E2A4-40FE-9D33-268A1B2EC265", "versionEndExcluding": "6.1.120", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7", "versionEndExcluding": "6.6.64", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893", "versionEndExcluding": "6.11.11", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776", "versionEndExcluding": "6.12.2", "versionStartIncluding": "6.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nEDAC/bluefield: Fix potential integer overflow\n\nThe 64-bit argument for the \"get DIMM info\" SMC call consists of mem_ctrl_idx\nleft-shifted 16 bits and OR-ed with DIMM index. With mem_ctrl_idx defined as\n32-bits wide the left-shift operation truncates the upper 16 bits of\ninformation during the calculation of the SMC argument.\n\nThe mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any\npotential integer overflow, i.e. loss of data from upper 16 bits."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: EDAC/bluefield: corrige un posible desbordamiento de enteros. El argumento de 64 bits para la llamada SMC \"obtener informaci\u00f3n DIMM\" consta de mem_ctrl_idx desplazado a la izquierda 16 bits y con operaci\u00f3n OR con \u00edndice DIMM. Con mem_ctrl_idx definido como 32 bits de ancho, la operaci\u00f3n de desplazamiento a la izquierda trunca los 16 bits superiores de informaci\u00f3n durante el c\u00e1lculo del argumento SMC. La variable de pila mem_ctrl_idx debe definirse como de 64 bits de ancho para evitar cualquier posible desbordamiento de enteros, es decir, p\u00e9rdida de datos de los 16 bits superiores."}], "id": "CVE-2024-53161", "lastModified": "2025-02-03T15:25:26.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-12-24T12:15:24.453", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/000930193fe5eb79ce5563ee2e9ddb0c6e4e1bb5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1fe774a93b46bb029b8f6fa9d1f25affa53f06c6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4ad7033de109d0fec99086f352f58a3412e378b8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/578ca89b04680145d41011e7cec8806fefbb59e7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8cc31cfa36ff37aff399b72faa2ded58110112ae"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ac6ebb9edcdb7077e841862c402697c4c48a7c0a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e0269ea7a628fdeddd65b92fe29c09655dbb80b9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fdb90006184aa84c7b4e09144ed0936d4e1891a7"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: EDAC/bluefield: Fix potential integer overflow", "id": "2333977", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333977"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.8", "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nEDAC/bluefield: Fix potential integer overflow\nThe 64-bit argument for the \"get DIMM info\" SMC call consists of mem_ctrl_idx\nleft-shifted 16 bits and OR-ed with DIMM index. With mem_ctrl_idx defined as\n32-bits wide the left-shift operation truncates the upper 16 bits of\ninformation during the calculation of the SMC argument.\nThe mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any\npotential integer overflow, i.e. loss of data from upper 16 bits."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent module bluefield_edac from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."}, "name": "CVE-2024-53161", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-12-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-53161\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53161\nhttps://lore.kernel.org/linux-cve-announce/2024122431-CVE-2024-53161-50f6@gregkh/T"], "statement": "Actual only for latest version of Red Hat Enterprise Linux 8 and latest version of Red Hat Enterprise Linux 9 (where configuration parameter CONFIG_EDAC_BLUEFIELD enabled as module). For triggering this bug need physical access (kind of insert malicious DIMM of memory), because it can happen only during boot or after DIMM of memory updated. Could happen only if this type of memory being used: \"Mellanox BlueField SoC\". The security impact is limited.", "threat_severity": "Low"}