Lucene search
416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2024-43816HistoryAug 17, 2024 - 10:15 a.m.
CVE-2024-43816
2024-08-1710:15:07
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
2
linux kernel
vulnerability
lpfc
improper endian macro
big endian
memory out of bounds
pointer dereference
fcp targets
zoned
memcpy
struct sli4_sge_le
le32_to_cpu
EPSS
0
Percentile
9.5%
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages
On big endian architectures, it is possible to run into a memory out of
bounds pointer dereference when FCP targets are zoned.
In lpfc_prep_embed_io, the memcpy(ptr, fcp_cmnd, sgl->sge_len) is
referencing a little endian formatted sgl->sge_len value. So, the memcpy
can cause big endian systems to crash.
Redefine the *sgl ptr as a struct sli4_sge_le to make it clear that we are
referring to a little endian formatted data structure. And, update the
routine with proper le32_to_cpu macro usages.
Related
cve
cve
CVE-2024-43816
2024-08-17 10:15:07
debiancve
debiancve
CVE-2024-43816
2024-08-17 10:15:07
ubuntucve
ubuntucve
CVE-2024-43816
2024-08-17 00:00:00
redhatcve
redhatcve
CVE-2024-43816
2024-08-19 13:45:02
vulnrichment
vulnrichment
cvelist
cvelist
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3190-1)
2024-09-11 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3209-1)
2024-09-12 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3195-1)
2024-09-11 00:00:00
osv
osv
Security update for the Linux Kernel
2024-09-10 08:46:37
Security update for the Linux Kernel
2024-09-11 15:39:03
Security update for the Linux Kernel
2024-09-10 09:06:25