PT-2024-10499 · Linux+9 · Linux Kernel+9
Published
2024-04-24
·
Updated
2025-09-29
·
CVE-2024-40978
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The vulnerability is related to the scsi: qedi component in the Linux kernel. It is caused by the
qedi dbg do not recover cmd read() function invoking sprintf() directly on a user pointer, resulting in a crash. To fix this issue, a small local stack buffer for sprintf() should be used, and then simple read from buffer() should be called, which in turn makes the copy to user() call. The vulnerability can be exploited to cause a denial of service.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu