7.8

CVE-2024-42159

scsi: mpi3mr: Sanitise num_phys

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpi3mr: Sanitise num_phys

Information is stored in mr_sas_port->phy_mask, values larger then size of
this field shouldn't be allowed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version11.0
LinuxLinux Kernel Version >= 6.1 < 6.1.98
LinuxLinux Kernel Version >= 6.2 < 6.6.39
LinuxLinux Kernel Version >= 6.7 < 6.9.9
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.128
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b
Patch
https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0
Patch
https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df
Patch
https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Third Party Advisory
Mailing List