CVE-2024-42145: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-42145 affects the Linux kernel's InfiniBand (IB) core subsystem, specifically the UMAD (User MAD) receive functionality. The vulnerability was discovered in July 2024 and involves an unbounded list in the ib_umad component that maintains received MAD packets, which could potentially lead to uncontrolled growth (NVD).

The vulnerability exists in the ib_umad component where received MAD packets are maintained in an unbounded list. The rate of packet extraction by user-space applications may not match the rate of incoming packets, potentially causing list overflow. The CVSS v3.1 base score is 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified as CWE-770: Allocation of Resources Without Limits or Throttling (NVD).

The vulnerability could lead to a denial of service condition through uncontrolled resource consumption. When user-space applications cannot extract packets from the list at the same rate as incoming packets, the system's memory resources could be exhausted (NVD).

A patch has been implemented that introduces a limit to the size of the receive list. The limit is set to 200,000 packets, based on typical scenarios such as OpenSM processing which handles approximately 100,000 packets per second with a 1-second retry timeout. Packets received beyond this limit are dropped, though packets queued due to timed-out sends are preserved even when the list is full (Kernel Patch).