CVE-2024-43816 Information

Aug 18, 2024 cve

Description

In the Linux kernel the following vulnerability has been resolved:

scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages

On big endian architectures it is possible to run into a memory out of bounds pointer dereference when FCP targets are zoned.

In lpfc_prep_embed_io the memcpy(ptr fcp_cmnd sgl->sge_len) is referencing a little endian formatted sgl->sge_len value. So the memcpy can cause big endian systems to crash.

Redefine the sgl ptr as a struct sli4_sge_le to make it clear that we are referring to a little endian formatted data structure. And update the routine with proper le32_to_cpu macro usages.

Reference

https://git.kernel.org/stable/c/9fd003f344d502f65252963169df3dd237054e49 https://git.kernel.org/stable/c/8bc7c617642db6d8d20ee671fb6c4513017e7a7e

Share on: