CVE-2024-42286
- ULN >
- Oracle Linux CVE repository >
- CVE-2024-42286
CVE Details
| Release Date: | 2024-08-17 |
Description
In the Linux kernel, the following vulnerability has been resolved:\nscsi: qla2xxx: validate nvme_local_port correctly\nThe driver load failed with error message,\nqla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef\nand with a kernel crash,\nBUG: unable to handle kernel NULL pointer dereference at 0000000000000070\nWorkqueue: events_unbound qla_register_fcport_fn [qla2xxx]\nRIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc]\nRSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000\nRDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000\nRBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030\nR10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4\nR13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8\nFS: 0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0\nCall Trace:\nqla_nvme_register_remote+0xeb/0x1f0 [qla2xxx]\n? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx]\nqla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx]\nqla_register_fcport_fn+0x54/0xc0 [qla2xxx]\nExit the qla_nvme_register_remote() function when qla_nvme_register_hba()\nfails and correctly validate nvme_local_port.
See more information about CVE-2024-42286 from MITRE CVE dictionary and NIST NVD
CVSS Scoring
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
| Base Score: | 5.5 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector: | Local network | Attack Complexity: | Low |
| Privileges Required: | Low | User Interaction: | None |
| Scope: | Unchanged | Confidentiality Impact: | None |
| Integrity Impact: | None | Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 7 (kernel-uek) | ELSA-2024-12780 | 2024-10-11 |
| Oracle Linux version 7 (kernel-uek) | ELSA-2024-12782 | 2024-10-14 |
| Oracle Linux version 8 (kernel-uek) | ELSA-2024-12682 | 2024-09-23 |
| Oracle Linux version 8 (kernel-uek) | ELSA-2024-12780 | 2024-10-11 |
| Oracle Linux version 8 (kernel-uek) | ELSA-2024-12782 | 2024-10-14 |
| Oracle Linux version 9 (kernel-uek) | ELSA-2024-12682 | 2024-09-23 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
