CVE-2024-43816

Aug. 19, 2024, 12:59 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages On big endian architectures, it is possible to run into a memory out of bounds pointer dereference when FCP targets are zoned. In lpfc_prep_embed_io, the memcpy(ptr, fcp_cmnd, sgl->sge_len) is referencing a little endian formatted sgl->sge_len value. So, the memcpy can cause big endian systems to crash. Redefine the *sgl ptr as a struct sli4_sge_le to make it clear that we are referring to a little endian formatted data structure. And, update the routine with proper le32_to_cpu macro usages.

Product(s) Impacted

Product Versions
Linux kernel
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/8bc7c617642db6d8d20ee671fb6c4513017e7a7e
https://git.kernel.org/stable/c/9fd003f344d502f65252963169df3dd237054e49

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-08-17
CVE-2024-43816

Timeline

Published: Aug. 17, 2024, 10:15 a.m.
Last Modified: Aug. 19, 2024, 12:59 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.