{
  "threat_severity" : "Low",
  "public_date" : "2024-04-17T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment",
    "id" : "2275633",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2275633"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-99",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nRDMA/mlx5: Fix fortify source warning while accessing Eth segment\n------------[ cut here ]------------\nmemcpy: detected field-spanning write (size 56) of single field \"eseg->inline_hdr.start\" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2)\nWARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n---truncated---", "A flaw was found in the Linux kernel's mlx5 InfiniBand driver. Certain scenarios could lead to a use-after-free issue, potentially allowing an attacker to escalate their privileges or affect system integrity or stability." ],
  "statement" : "This flaw only affects systems that actively use specific InfiniBand hardware, and because exploitation would require an attacker to have the means to cause or otherwise be able to profile network traffic over those interfaces, Red Hat assesses the impact of this vulnerability as Low.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-07-08T00:00:00Z",
    "advisory" : "RHSA-2024:4352",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-553.8.1.rt7.349.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-07-02T00:00:00Z",
    "advisory" : "RHSA-2024:4211",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.8.1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2025-05-28T00:00:00Z",
    "advisory" : "RHSA-2025:8248",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "kernel-0:5.14.0-427.70.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-26907\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26907\nhttps://lore.kernel.org/linux-cve-announce/2024041746-CVE-2024-26907-a02d@gregkh/T" ],
  "name" : "CVE-2024-26907",
  "csaw" : false
}