CVE-2024-57936: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57936 is a vulnerability discovered in the Linux kernel's RDMA/bnxt_re driver. The issue was identified in January 2025 and relates to a mismatch between the supported number of Scatter-Gather Elements (SGEs) in the Work Request for Gen P7 hardware and the software structure limitations. The vulnerability affects the Linux kernel's RDMA subsystem, specifically the Broadcom NetXtreme driver implementation (Kernel Git).

The technical issue stems from a discrepancy where Gen P7 hardware supports up to 13 SGEs, while the Work Queue Entry (WQE) software structure can only handle 6 SGEs. The system reports a maximum of 13 SGEs, causing the stack to accept requests with up to 13 SGEs, despite the software limitation. This mismatch leads to buffer overflow conditions when processing requests with more than 6 SGEs (Kernel Git).

When exploited, this vulnerability results in traffic failures and system crashes due to the mismatch between reported and actual SGE handling capabilities. The impact primarily affects systems using the Broadcom NetXtreme RDMA driver with Gen P7 hardware (Kernel Git).

The issue has been resolved by modifying the driver to use the correct maximum SGE value for variable size operations. The fix involves replacing the hard-coded BNXTQPLIBQPMAXSGL definition with BNXTVARMAX_SGE, ensuring compatibility with both static and variable WQEs. The fix has been incorporated into various Linux kernel versions including 5.10.234-1, 6.1.128-1, and 6.12.17-1 (Debian Security).