AI Score
Confidence
Low
EPSS
Percentile
15.5%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
In the Linux kernel, the following vulnerability has been resolved:
nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
The nvme_fc_fcp_op structure describing an AEN operation is initialized with a
null request structure pointer. An FC LLDD may make a call to
nvme_fc_io_getuuid passing a pointer to an nvmefc_fcp_req for an AEN operation.
Add validation of the request structure pointer before dereference.
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/nvme/host/fc.c"
],
"versions": [
{
"version": "1da177e4c3f4",
"lessThan": "be90c9e29dd5",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "dd46b3ac7322",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "8ae5b3a685dc",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/nvme/host/fc.c"
],
"versions": [
{
"version": "6.1.56",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.5.6",
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]