CVE-2024-42145 addresses a vulnerability in the Linux kernel's InfiniBand (IB) core subsystem, specifically in the handling of User MAD (Management Datagram) packets via the ib_umad interface. The vulnerability stems from the unbounded growth of the receive list that stores incoming MAD packets. In the existing implementation, the ib_umad subsystem maintains a list of received MAD packets without any upper limit on its size. This design flaw can lead to uncontrolled memory consumption if the rate at which user-space applications extract packets from this list does not keep pace with the incoming packet rate. Such a scenario can cause the receive list to grow indefinitely, potentially leading to resource exhaustion and denial of service (DoS) conditions on affected Linux systems. To mitigate this, the Linux kernel developers introduced a limit on the size of the receive list. The limit is set to 200,000 packets, based on typical operational scenarios such as OpenSM (Open Subnet Manager) processing capabilities and packet retry timeouts. When the list reaches this threshold, additional incoming packets are dropped, under the assumption that these packets would likely have timed out by the time they could be processed by user-space applications. Importantly, packets that are queued due to reasons like timed-out sends are preserved even when the list is full, ensuring that critical packet handling is not disrupted. This fix prevents the unbounded growth of the receive list, thereby mitigating the risk of resource exhaustion and improving the stability and reliability of the IB core subsystem in Linux kernels. No known exploits are reported in the wild at the time of publication, and the vulnerability does not have an assigned CVSS score yet.

For European organizations, the impact of CVE-2024-42145 primarily concerns systems that utilize Linux kernels with InfiniBand hardware and software stacks, commonly found in high-performance computing (HPC) environments, data centers, and research institutions. InfiniBand is widely used in scientific research, financial services, and large-scale enterprise environments where low-latency and high-throughput networking is critical. If exploited or triggered unintentionally, the vulnerability could lead to denial of service conditions due to memory exhaustion on affected Linux hosts, potentially disrupting critical HPC workloads or data center operations. This could result in downtime, loss of productivity, and increased operational costs. While the vulnerability does not directly expose confidentiality or integrity risks, the availability impact can be significant in environments relying on InfiniBand for mission-critical applications. European organizations with HPC clusters, research labs, or financial institutions using InfiniBand-enabled Linux systems should be particularly vigilant. The absence of known exploits reduces immediate risk, but the potential for DoS conditions warrants prompt attention to patching and mitigation.

1. Apply the Linux kernel patch that introduces the receive list size limit for ib_umad as soon as it becomes available from your Linux distribution or kernel vendor. 2. Monitor InfiniBand subsystem logs and performance metrics to detect unusual growth in the receive list or packet drops, which could indicate attempts to trigger the vulnerability or operational issues. 3. Implement rate limiting or traffic shaping at the network level to control the volume of MAD packets sent to hosts, reducing the risk of overwhelming the receive list. 4. Regularly update and maintain InfiniBand firmware and drivers to ensure compatibility with kernel patches and overall system stability. 5. For critical HPC or data center environments, consider deploying redundancy and failover mechanisms to minimize service disruption in case of DoS conditions. 6. Educate system administrators and security teams about this vulnerability and incorporate checks into routine security audits and incident response plans. These steps go beyond generic advice by focusing on monitoring, network-level controls, and operational best practices specific to InfiniBand environments.