Lucene search
LinuxVULNRICHMENT:CVE-2024-43816HistoryAug 17, 2024 - 9:21 a.m.
CVE-2024-43816 scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages
2024-08-1709:21:38
Linux
github.com
2
linux kernel
scsi lpfc
endian macro
memory out of bounds
pointer dereference
fcp targets
big endian
little endian
crash
sgl.
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages
On big endian architectures, it is possible to run into a memory out of
bounds pointer dereference when FCP targets are zoned.
In lpfc_prep_embed_io, the memcpy(ptr, fcp_cmnd, sgl->sge_len) is
referencing a little endian formatted sgl->sge_len value. So, the memcpy
can cause big endian systems to crash.
Redefine the *sgl ptr as a struct sli4_sge_le to make it clear that we are
referring to a little endian formatted data structure. And, update the
routine with proper le32_to_cpu macro usages.
Related
cve
cve
CVE-2024-43816
2024-08-17 10:15:07
debiancve
debiancve
CVE-2024-43816
2024-08-17 10:15:07
nvd
nvd
CVE-2024-43816
2024-08-17 10:15:07
ubuntucve
ubuntucve
CVE-2024-43816
2024-08-17 00:00:00
redhatcve
redhatcve
CVE-2024-43816
2024-08-19 13:45:02
cvelist
cvelist
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3190-1)
2024-09-11 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3209-1)
2024-09-12 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3195-1)
2024-09-11 00:00:00
osv
osv
Security update for the Linux Kernel
2024-09-10 08:46:37
Security update for the Linux Kernel
2024-09-11 15:39:03
Security update for the Linux Kernel
2024-09-10 09:06:25
AI Score
6.8
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-43816