Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveLinuxCVE-2024-43816
HistoryAug 17, 2024 - 10:15 a.m.

CVE-2024-43816

2024-08-1710:15:07
Linux
web.nvd.nist.gov
28
linux kernel
vulnerability
lpfc_prep_embed_io
endian macro
fcp targets
memory out of bounds

AI Score

6.5

Confidence

Low

EPSS

0

Percentile

9.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages

On big endian architectures, it is possible to run into a memory out of
bounds pointer dereference when FCP targets are zoned.

In lpfc_prep_embed_io, the memcpy(ptr, fcp_cmnd, sgl->sge_len) is
referencing a little endian formatted sgl->sge_len value. So, the memcpy
can cause big endian systems to crash.

Redefine the *sgl ptr as a struct sli4_sge_le to make it clear that we are
referring to a little endian formatted data structure. And, update the
routine with proper le32_to_cpu macro usages.

Affected configurations

Vulners
Node
linuxlinux_kernelRange6.106.10.3
OR
linuxlinux_kernelRange6.11.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/scsi/lpfc/lpfc_sli.c"
    ],
    "versions": [
      {
        "version": "af20bb73ac25",
        "lessThan": "9fd003f344d5",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "af20bb73ac25",
        "lessThan": "8bc7c617642d",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/scsi/lpfc/lpfc_sli.c"
    ],
    "versions": [
      {
        "version": "6.10",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.10",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10.3",
        "lessThanOrEqual": "6.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.11",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

debiancve 1
nvd 1
ubuntucve 1
redhatcve 1
vulnrichment 1
cvelist 1
nessus 4
osv 4
debiancve
debiancve
CVE-2024-43816
2024-08-17 10:15:07
nvd
nvd
CVE-2024-43816
2024-08-17 10:15:07
ubuntucve
ubuntucve
CVE-2024-43816
2024-08-17 00:00:00
redhatcve
redhatcve
CVE-2024-43816
2024-08-19 13:45:02
vulnrichment
vulnrichment
CVE-2024-43816 scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages
2024-08-17 09:21:38
cvelist
cvelist
CVE-2024-43816 scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages
2024-08-17 09:21:38
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3190-1)
2024-09-11 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3209-1)
2024-09-12 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3195-1)
2024-09-11 00:00:00
osv
osv
Security update for the Linux Kernel
2024-09-10 08:46:37
Security update for the Linux Kernel
2024-09-11 15:39:03
Security update for the Linux Kernel
2024-09-10 09:06:25

AI Score

6.5

Confidence

Low

EPSS

0

Percentile

9.5%

JSON
Related for CVE-2024-43816
debiancve1nvd1ubuntucve1redhatcve1vulnrichment1cvelist1nessus4osv4