scsi: qedi: Fix crash while reading debugfs attribute

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2024-40978
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2024-07-12 13:15:19 UTC
Updated2026-05-12 12:17:01 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly on a __user pointer, which results into the crash. To fix this issue, use a small local stack buffer for sprintf() and then call simple_read_from_buffer(), which in turns make the copy_to_user() call. BUG: unable to handle page fault for address: 00007f4801111000 PGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0 Oops: 0002 [#1] PREEMPT SMP PTI Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023 RIP: 0010:memcpy_orig+0xcd/0x130 RSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202 RAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f RDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000 RBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572 R10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff R13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af FS: 00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die_body+0x1a/0x60 ? page_fault_oops+0x183/0x510 ? exc_page_fault+0x69/0x150 ? asm_exc_page_fault+0x22/0x30 ? memcpy_orig+0xcd/0x130 vsnprintf+0x102/0x4c0 sprintf+0x51/0x80 qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324] full_proxy_read+0x50/0x80 vfs_read+0xa5/0x2e0 ? folio_add_new_anon_rmap+0x44/0xa0 ? set_pte_at+0x15/0x30 ? do_pte_missing+0x426/0x7f0 ksys_read+0xa5/0xe0 do_syscall_64+0x58/0x80 ? __count_memcg_events+0x46/0x90 ? count_memcg_event_mm+0x3d/0x60 ? handle_mm_fault+0x196/0x2f0 ? do_user_addr_fault+0x267/0x890 ? exc_page_fault+0x69/0x150 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f4800f20b4d

Risk And Classification

Primary CVSS: v3.1 7.1 HIGH from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Problem Types: CWE-125

CVSS v3.1 Breakdown

Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Linux Linux Kernel All All All All

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected ace7f46ba5fde7273207c7122b0650ceb72510e0 56bec63a7fc87ad50b3373a87517dc9770eef9e0 git Not specified
CNA Linux Linux affected ace7f46ba5fde7273207c7122b0650ceb72510e0 21c963de2e86e88f6a8ca556bcebb8e62ab8e901 git Not specified
CNA Linux Linux affected ace7f46ba5fde7273207c7122b0650ceb72510e0 144d76a676b630e321556965011b00e2de0b40a7 git Not specified
CNA Linux Linux affected ace7f46ba5fde7273207c7122b0650ceb72510e0 397a8990c377ee4b61d6df768e61dff9e316d46b git Not specified
CNA Linux Linux affected ace7f46ba5fde7273207c7122b0650ceb72510e0 eaddb86637669f6bad89245ee63f8fb2bfb50241 git Not specified
CNA Linux Linux affected ace7f46ba5fde7273207c7122b0650ceb72510e0 fa85b016a56b9775a3fe41e5d26e666945963b46 git Not specified
CNA Linux Linux affected ace7f46ba5fde7273207c7122b0650ceb72510e0 e2f433ea7d0ff77998766a088a287337fb43ad75 git Not specified
CNA Linux Linux affected ace7f46ba5fde7273207c7122b0650ceb72510e0 28027ec8e32ecbadcd67623edb290dad61e735b5 git Not specified
CNA Linux Linux affected 4.10 Not specified
CNA Linux Linux unaffected 4.10 semver Not specified
CNA Linux Linux unaffected 4.19.317 4.19.* semver Not specified
CNA Linux Linux unaffected 5.4.279 5.4.* semver Not specified
CNA Linux Linux unaffected 5.10.221 5.10.* semver Not specified
CNA Linux Linux unaffected 5.15.162 5.15.* semver Not specified
CNA Linux Linux unaffected 6.1.96 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.36 6.6.* semver Not specified
CNA Linux Linux unaffected 6.9.7 6.9.* semver Not specified
CNA Linux Linux unaffected 6.10 * original_commit_for_fix Not specified
ADP Siemens RUGGEDCOM RST2428P unaffected * custom Not specified
ADP Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 Family unaffected * custom Not specified
ADP Siemens SCALANCE XCM-/XRM-/XCH-/XRH-300 Family unaffected * custom Not specified
ADP Siemens SIMATIC S7-1500 TM MFP - GNU/Linux Subsystem affected * custom Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/fa85b016a56b9775a3fe41e5d26e666945963b46 af854a3a-2127-422b-91ae-364da2661108 git.kernel.org Patch
git.kernel.org/stable/c/21c963de2e86e88f6a8ca556bcebb8e62ab8e901 af854a3a-2127-422b-91ae-364da2661108 git.kernel.org Patch
git.kernel.org/stable/c/28027ec8e32ecbadcd67623edb290dad61e735b5 af854a3a-2127-422b-91ae-364da2661108 git.kernel.org Patch
git.kernel.org/stable/c/397a8990c377ee4b61d6df768e61dff9e316d46b af854a3a-2127-422b-91ae-364da2661108 git.kernel.org Patch
git.kernel.org/stable/c/e2f433ea7d0ff77998766a088a287337fb43ad75 af854a3a-2127-422b-91ae-364da2661108 git.kernel.org Patch
git.kernel.org/stable/c/eaddb86637669f6bad89245ee63f8fb2bfb50241 af854a3a-2127-422b-91ae-364da2661108 git.kernel.org Patch
cert-portal.siemens.com/productcert/html/ssa-265688.html 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e cert-portal.siemens.com
git.kernel.org/stable/c/144d76a676b630e321556965011b00e2de0b40a7 af854a3a-2127-422b-91ae-364da2661108 git.kernel.org Patch
git.kernel.org/stable/c/56bec63a7fc87ad50b3373a87517dc9770eef9e0 af854a3a-2127-422b-91ae-364da2661108 git.kernel.org Patch
cert-portal.siemens.com/productcert/html/ssa-355557.html 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e cert-portal.siemens.com
lists.debian.org/debian-lts-announce/2025/01/msg00001.html af854a3a-2127-422b-91ae-364da2661108 lists.debian.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report