5.5

CVE-2024-36025

scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()

The app_reply->elem[] array is allocated earlier in this function and it
has app_req.num_ports elements.  Thus this > comparison needs to be >= to
prevent memory corruption.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15 < 5.15.156
LinuxLinux Kernel Version >= 5.16 < 6.1.87
LinuxLinux Kernel Version >= 6.2 < 6.6.28
LinuxLinux Kernel Version >= 6.7 < 6.8.7
LinuxLinux Kernel Version6.9 Updaterc1
LinuxLinux Kernel Version6.9 Updaterc2
LinuxLinux Kernel Version6.9 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.161
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-193 Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

https://git.kernel.org/stable/c/4406e4176f47177f5e51b4cc7e6a7a2ff3dbfbbd
Patch
https://git.kernel.org/stable/c/60b87b5ecbe07d70897d35947b0bb3e76ccd1b3a
Patch
https://git.kernel.org/stable/c/8c820f7c8e9b46238d277c575392fe9930207aab
Patch
https://git.kernel.org/stable/c/9fc74e367be4247a5ac39bb8ec41eaa73fade510
Patch
https://git.kernel.org/stable/c/ea8ac95c22c93acecb710209a7fd10b851afe817
Patch