CVE-2024-36025

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()

The app_reply->elem[] array is allocated earlier in this function and it has app_req.num_ports elements. Thus this > comparison needs to be >= to prevent memory corruption.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7878f22a2e03b69baf792f74488962981a1c9547 < 8c820f7c8e9b46238d277c575392fe9930207aabaffected
LinuxLinux7878f22a2e03b69baf792f74488962981a1c9547 < 9fc74e367be4247a5ac39bb8ec41eaa73fade510affected
LinuxLinux7878f22a2e03b69baf792f74488962981a1c9547 < 60b87b5ecbe07d70897d35947b0bb3e76ccd1b3aaffected
LinuxLinux7878f22a2e03b69baf792f74488962981a1c9547 < ea8ac95c22c93acecb710209a7fd10b851afe817affected
LinuxLinux7878f22a2e03b69baf792f74488962981a1c9547 < 4406e4176f47177f5e51b4cc7e6a7a2ff3dbfbbdaffected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.156 <= 5.15.*unaffected
LinuxLinux6.1.87 <= 6.1.*unaffected
LinuxLinux6.6.28 <= 6.6.*unaffected
LinuxLinux6.8.7 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References