CVE-2024-40901

CVE Details

Release Date:

2024-07-12

Description

In the Linux kernel, the following vulnerability has been resolved:\nscsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory\nThere is a potential out-of-bounds access when using test_bit() on a single\nword. The test_bit() and set_bit() functions operate on long values, and\nwhen testing or setting a single word, they can exceed the word\nboundary. KASAN detects this issue and produces a dump:\nBUG: KASAN: slab-out-of-bounds in _scsih_add_device.constprop.0 (./arch/x86/include/asm/bitops.h:60 ./include/asm-generic/bitops/instrumented-atomic.h:29 drivers/scsi/mpt3sas/mpt3sas_scsih.c:7331) mpt3sas\nWrite of size 8 at addr ffff8881d26e3c60 by task kworker/u1536:2/2965\nFor full log, please look at [1].\nMake the allocation at least the size of sizeof(unsigned long) so that\nset_bit() and test_bit() have sufficient room for read/write operations\nwithout overwriting unallocated memory.\n[1] Link: https://lore.kernel.org/all/ZkNcALr3W3KGYYJG@gmail.com/

See more information about CVE-2024-40901 from MITRE CVE dictionary and NIST NVD

CVSS Scoring

NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score:	5.5	CVSS Vector:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector:	Local network	Attack Complexity:	Low
Privileges Required:	Low	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	None
Integrity Impact:	None	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 7 (kernel-uek)	ELSA-2024-12610	2024-09-10
Oracle Linux version 7 (kernel-uek-container)	ELSA-2024-12612	2024-09-11
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12610	2024-09-10
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12618	2024-09-12
Oracle Linux version 8 (kernel-uek-container)	ELSA-2024-12612	2024-09-11
Oracle Linux version 9 (kernel-uek)	ELSA-2024-12618	2024-09-12