CVE-2024-42286
Essential information
- Published
- 17/08/2024 09:15
- Modified
- 10/09/2024 19:02
- Author
- —
- Creator
- —
- CVSS
- 5.5 MEDIUM (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- LOCAL
- Attack complexity
- LOW
- Privileges required
- LOW
- User interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality impact
- NONE
- Integrity impact
- NONE
- Availability impact
- HIGH
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: validate nvme_local_port correctly
The driver load failed with error message,
qla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef
and with a kernel crash,
BUG: unable to handle kernel NULL pointer dereference at 0000000000000070
Workqueue: events_unbound qla_register_fcport_fn [qla2xxx]
RIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]
RSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000
RDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000
RBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030
R10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4
R13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8
FS: 0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0
Call Trace:
qla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]
? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]
qla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]
qla_register_fcport_fn+0x54/0xc0 [qla2xxx]
Exit the qla_nvme_register_remote() function when qla_nvme_register_hba()
fails and correctly validate nvme_local_port.
NVD status
- Status
- Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| linux / linux kernel | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux / linux kernel | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux / linux kernel | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux / linux kernel | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux / linux kernel | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux / linux kernel | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux / linux kernel | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |