What is CVE-2024-40992?

CVE-2024-40992 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2024-40992 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-40992?

CVE-2024-40992 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-40992?

No patch is currently available for CVE-2024-40992. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2024-40992 actively exploited?

CVE-2024-40992 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-40992

Medium

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently dropped by the responder. The responder then waits for a new request packet. commit 689c5421bfe0 ("RDMA/rxe: Fix incorrect responder length checking") defers responder length check for UD QPs in function `copy_data`. But it introduces a regression issue for UD QPs. When the packet size is too large to fit in the receive buffer. `copy_data` will return error code -EINVAL. Then `send_data_in` will return RESPST_ERR_MALFORMED_WQE. UD QP will transfer into ERROR state.

Package Linux Kernel

Published 2024-07-12

Last modified 2025-10-07

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

The following references provide additional information about CVE-2024-40992 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/163868ec1f6c610d16da9e458fe1dd7d5de97341
Patch
Kernel patch commit
https://git.kernel.org/stable/c/943c94f41dfe36536dc9aaa12c9efdf548ceb996
Patch
Kernel patch commit
https://git.kernel.org/stable/c/f67ac0061c7614c1548963d3ef1ee1606efd8636
Patch

Details

CVE ID CVE-2024-40992

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-07-12

Modified 2025-10-07

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2024-40992?

CVE-2024-40992 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2024-40992 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-40992?

CVE-2024-40992 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-40992?

No patch is currently available for CVE-2024-40992. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2024-40992 actively exploited?

No — CVE-2024-40992 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.