#VU94233 Out-of-bounds read in Linux kernel - CVE-2024-40901
Published: July 13, 2024 / Updated: May 13, 2025
Vulnerability identifier: #VU94233
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-40901
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mpt3sas_base_attach() and _base_check_ioc_facts_changes() functions in drivers/scsi/mpt3sas/mpt3sas_base.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/e9bce7c751f6d6c7be88c0bc081a66aaf61a23ee
- https://git.kernel.org/stable/c/19649e49a6df07cd2e03e0a11396fd3a99485ec2
- https://git.kernel.org/stable/c/0081d2b3ae0a17a86b8cc0fa3c8bdc54e233ba16
- https://git.kernel.org/stable/c/521f333e644c4246ca04a4fc4772edc53dd2a801
- https://git.kernel.org/stable/c/46bab2bcd771e725ff5ca3a68ba68cfeac45676c
- https://git.kernel.org/stable/c/9079338c5a0d1f1fee34fb1c9e99b754efe414c5
- https://git.kernel.org/stable/c/18abb5db0aa9b2d48f7037a88b41af2eef821674
- https://git.kernel.org/stable/c/4254dfeda82f20844299dca6c38cbffcfd499f41
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.317
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.221
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.162
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.279
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.95
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.35