CVE-2024-42145 in Linuxinfo

Summary

by MITRE • 07/30/2024

In the Linux kernel, the following vulnerability has been resolved:

IB/core: Implement a limit on UMAD receive List

The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extract packets from this list, the rate of extraction may not match the rate of incoming packets, leading to potential list overflow.

To address this, we introduce a limit to the size of the list. After considering typical scenarios, such as OpenSM processing, which can handle approximately 100k packets per second, and the 1-second retry timeout for most packets, we set the list size limit to 200k. Packets received beyond this limit are dropped, assuming they are likely timed out by the time they are handled by user-space.

Notably, packets queued on the receive list due to reasons like timed-out sends are preserved even when the list is full.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 07/19/2025

The vulnerability described in CVE-2024-42145 resides within the Linux kernel's InfiniBand core subsystem, specifically affecting the ib_umad component responsible for handling MAD (Management Datagram) packets. This issue represents a classic resource exhaustion vulnerability that could lead to system instability and potential denial of service conditions. The problem manifests in the improper handling of received packets within the user-mode adapter management (UMAD) subsystem, where an unbounded list structure accumulates incoming MAD packets without adequate size constraints. This design flaw creates a scenario where malicious actors or even legitimate high-volume workloads could exploit the unlimited list growth to consume excessive system resources, ultimately leading to system performance degradation or complete system hang.

The technical implementation of this vulnerability stems from the fundamental design decision to maintain an unbounded list for received MAD packets in the IB/core subsystem. When user-space applications process these packets, the rate of packet consumption often fails to match the rate of packet arrival, creating a growing backlog that can consume all available memory resources. This behavior directly aligns with CWE-770, which describes the allocation of resources without proper limits, and represents a clear violation of resource management best practices. The vulnerability operates at the kernel level where the ib_umad module handles communication between kernel-space InfiniBand drivers and user-space applications, making it particularly dangerous as it can affect the stability of the entire kernel memory management system.

The operational impact of this vulnerability extends beyond simple resource exhaustion to potentially compromise the reliability of InfiniBand networking infrastructure that relies on the Linux kernel for communication management. Systems running high-volume InfiniBand workloads such as high-performance computing clusters, data center networks, or enterprise storage systems could experience significant performance degradation or complete service disruption. The specific implementation details reveal that the kernel's handling of packet queuing is not properly synchronized with the rate at which user-space applications can consume packets, creating a fundamental mismatch in system resource utilization patterns. This vulnerability affects systems that utilize the InfiniBand Subnet Manager (ISM) and other management functions that depend on the UMAD interface for packet processing and communication with management applications.

The mitigation strategy implemented in response to CVE-2024-42145 involves establishing a hard limit of 200k packets on the receive list, a decision based on realistic operational scenarios including OpenSM processing capabilities and standard retry timeouts. This approach follows the principle of defense in depth by implementing rate limiting and resource constraints at the kernel level. The solution specifically preserves packets that are queued due to timed-out sends even when the list reaches capacity, which demonstrates understanding of the underlying InfiniBand protocol behavior and timing requirements. This implementation aligns with ATT&CK technique T1499.004, which covers resource exhaustion attacks, by implementing proactive limits rather than reactive responses to resource consumption. The 200k packet limit represents a balance between maintaining sufficient buffering for normal operations while preventing catastrophic resource exhaustion that could affect system availability and stability.

The fix demonstrates proper understanding of system architecture and operational constraints by considering real-world processing capabilities and timeout behaviors. The implementation addresses the core issue identified in the vulnerability while maintaining backward compatibility and expected system behavior for legitimate use cases. The solution's effectiveness relies on the assumption that packets exceeding the limit are likely already timed out by the time they would be processed by user-space applications, which aligns with standard InfiniBand network management practices. This approach prevents the unbounded growth of kernel data structures while preserving critical packet handling functionality for legitimate network management operations. The mitigation strategy effectively transforms a potential denial of service vulnerability into a controlled resource management scenario where the system can gracefully handle packet overflow conditions without compromising overall system stability or performance.

Responsible

Linux

Reservation

07/29/2024

Disclosure

07/30/2024

Moderation

accepted

CPE

ready

EPSS

0.00248

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!