7.8

CVE-2022-50030

scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input

Malformed user input to debugfs results in buffer overflow crashes.  Adapt
input string lengths to fit within internal buffers, leaving space for NULL
terminators.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.4.211
LinuxLinux Kernel Version >= 5.5 < 5.10.138
LinuxLinux Kernel Version >= 5.11 < 5.15.63
LinuxLinux Kernel Version >= 5.16 < 5.19.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.083
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/927907f1cbb3408cadde637fccfc17bb6b10a87d
Patch
https://git.kernel.org/stable/c/c29a4baaad38a332c0ae480cf6d6c5bf75ac1828
Patch
https://git.kernel.org/stable/c/b92506dc51f81741eb26609175ac206c20f06e0a
Patch
https://git.kernel.org/stable/c/2d544e9d19c109dfe34b3dc1253a8b2971abe060
Patch
https://git.kernel.org/stable/c/f8191d40aa612981ce897e66cda6a88db8df17bb
Patch