Allocation of Resources Without Limits or Throttling Affecting kernel-uek-debug-core package, versions <0:5.15.0-210.163.7.el9uek


Severity

Recommended
high

Based on Oracle Linux security rating.

Threat Intelligence

EPSS
0.04% (15th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Allocation of Resources Without Limits or Throttling vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-ORACLE9-KERNELUEKDEBUGCORE-7948845
  • published14 Sept 2024
  • disclosed30 Jul 2024

Introduced: 30 Jul 2024

CVE-2024-42145  (opens in a new tab)
CWE-770  (opens in a new tab)

How to fix?

Upgrade Oracle:9 kernel-uek-debug-core to version 0:5.15.0-210.163.7.el9uek or higher.
This issue was patched in ELSA-2024-12618.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-uek-debug-core package and not the kernel-uek-debug-core package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

IB/core: Implement a limit on UMAD receive List

The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extract packets from this list, the rate of extraction may not match the rate of incoming packets, leading to potential list overflow.

To address this, we introduce a limit to the size of the list. After considering typical scenarios, such as OpenSM processing, which can handle approximately 100k packets per second, and the 1-second retry timeout for most packets, we set the list size limit to 200k. Packets received beyond this limit are dropped, assuming they are likely timed out by the time they are handled by user-space.

Notably, packets queued on the receive list due to reasons like timed-out sends are preserved even when the list is full.

CVSS Scores

version 3.1