Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() The ucmd->log_sq_bb_count variable is controlled by the user so this shift can wrap. Fix it by using check_shl_overflow() in the same way that it was done in commit 515f60004ed9 ("RDMA/hns: Prevent undefined behavior in hns_roce_set_user_sq_size()").
Product status
839041329fd3410e07d614f81e75bb43367d8f89 (git) before 3d5ae269c4bd392ec1edbfb3bd031b8f42d7feff
839041329fd3410e07d614f81e75bb43367d8f89 (git) before 8feca625900777e02a449e53fe4121339934c38a
839041329fd3410e07d614f81e75bb43367d8f89 (git) before 9ad3221c86cc9c6305594b742d4a72dfbd4ea579
839041329fd3410e07d614f81e75bb43367d8f89 (git) before 9911be2155720221a4f1f722b22bd0e2388d8bcf
839041329fd3410e07d614f81e75bb43367d8f89 (git) before 3ce0df3493277b9df275cb8455d9c677ae701230
839041329fd3410e07d614f81e75bb43367d8f89 (git) before 196a6df08b08699ace4ce70e1efcdd9081b6565f
839041329fd3410e07d614f81e75bb43367d8f89 (git) before a183905869e692b6b7805b7472235585eff8e429
839041329fd3410e07d614f81e75bb43367d8f89 (git) before d50b3c73f1ac20dabc53dc6e9d64ce9c79a331eb
2.6.24
Any version before 2.6.24
4.19.283 (semver)
5.4.243 (semver)
5.10.180 (semver)
5.15.111 (semver)
6.1.28 (semver)
6.2.15 (semver)
6.3.2 (semver)
6.4 (original_commit_for_fix)
References
git.kernel.org/...c/3d5ae269c4bd392ec1edbfb3bd031b8f42d7feff
git.kernel.org/...c/8feca625900777e02a449e53fe4121339934c38a
git.kernel.org/...c/9ad3221c86cc9c6305594b742d4a72dfbd4ea579
git.kernel.org/...c/9911be2155720221a4f1f722b22bd0e2388d8bcf
git.kernel.org/...c/3ce0df3493277b9df275cb8455d9c677ae701230
git.kernel.org/...c/196a6df08b08699ace4ce70e1efcdd9081b6565f
git.kernel.org/...c/a183905869e692b6b7805b7472235585eff8e429
git.kernel.org/...c/d50b3c73f1ac20dabc53dc6e9d64ce9c79a331eb
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.
