SB2024071399 - Resource management error in Linux kernel scsi qedi driver
Published: July 13, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024071399
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2024-40978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qedi_dbg_do_not_recover_cmd_read() function in drivers/scsi/qedi/qedi_debugfs.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/56bec63a7fc87ad50b3373a87517dc9770eef9e0
- https://git.kernel.org/stable/c/21c963de2e86e88f6a8ca556bcebb8e62ab8e901
- https://git.kernel.org/stable/c/144d76a676b630e321556965011b00e2de0b40a7
- https://git.kernel.org/stable/c/397a8990c377ee4b61d6df768e61dff9e316d46b
- https://git.kernel.org/stable/c/eaddb86637669f6bad89245ee63f8fb2bfb50241
- https://git.kernel.org/stable/c/fa85b016a56b9775a3fe41e5d26e666945963b46
- https://git.kernel.org/stable/c/e2f433ea7d0ff77998766a088a287337fb43ad75
- https://git.kernel.org/stable/c/28027ec8e32ecbadcd67623edb290dad61e735b5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.317
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.221
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.162
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.279
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.96
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.36