SB2024062048 - Out-of-bounds read in Linux kernel scsi qedf driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds read (CVE-ID: CVE-2024-38559)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/1f84a2744ad813be23fc4be99fb74bfb24aadb95
• https://git.kernel.org/stable/c/a75001678e1d38aa607d5b898ec7ff8ed0700d59
• https://git.kernel.org/stable/c/769b9fd2af02c069451fe9108dba73355d9a021c
• https://git.kernel.org/stable/c/dccd97b39ab2f2b1b9a47a1394647a4d65815255
• https://git.kernel.org/stable/c/d93318f19d1e1a6d5f04f5d965eaa9055bb7c613
• https://git.kernel.org/stable/c/563e609275927c0b75fbfd0d90441543aa7b5e0d
• https://git.kernel.org/stable/c/4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8
• https://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9
• https://git.kernel.org/stable/c/d0184a375ee797eb657d74861ba0935b6e405c62
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.316
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.219
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.161
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.278
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.93
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.33
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.12