SB2024071333 - Out-of-bounds read in Linux kernel scsi mpt3sas driver
Published: July 13, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024071333
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2024-40901)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mpt3sas_base_attach() and _base_check_ioc_facts_changes() functions in drivers/scsi/mpt3sas/mpt3sas_base.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/e9bce7c751f6d6c7be88c0bc081a66aaf61a23ee
- https://git.kernel.org/stable/c/19649e49a6df07cd2e03e0a11396fd3a99485ec2
- https://git.kernel.org/stable/c/0081d2b3ae0a17a86b8cc0fa3c8bdc54e233ba16
- https://git.kernel.org/stable/c/521f333e644c4246ca04a4fc4772edc53dd2a801
- https://git.kernel.org/stable/c/46bab2bcd771e725ff5ca3a68ba68cfeac45676c
- https://git.kernel.org/stable/c/9079338c5a0d1f1fee34fb1c9e99b754efe414c5
- https://git.kernel.org/stable/c/18abb5db0aa9b2d48f7037a88b41af2eef821674
- https://git.kernel.org/stable/c/4254dfeda82f20844299dca6c38cbffcfd499f41
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.317
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.221
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.162
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.279
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.95
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.35