CVE-2024-43816

In lpfcprepembedio, the memcpy(ptr, fcpcmnd, sgl->sgelen) is referencing a little endian formatted sgl->sgelen value. So, the memcpy can cause big endian systems to crash.

Redefine the *sgl ptr as a struct sli4sgele to make it clear that we are referring to a little endian formatted data structure. And, update the routine with proper le32tocpu macro usages.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

af20bb73ac2591631d504f3f859f073bcdb7e11e

Fixed

9fd003f344d502f65252963169df3dd237054e49

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

af20bb73ac2591631d504f3f859f073bcdb7e11e

Fixed

8bc7c617642db6d8d20ee671fb6c4513017e7a7e

Affected versions

v6.*

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.10.1

v6.10.2

v6.9

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Database specific

vanir_signatures

[
    {
        "id": "CVE-2024-43816-30b20dd8",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "270098382257056285078592256832746264136",
            "length": 1488.0
        },
        "target": {
            "file": "drivers/scsi/lpfc/lpfc_sli.c",
            "function": "lpfc_prep_embed_io"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8bc7c617642db6d8d20ee671fb6c4513017e7a7e"
    },
    {
        "id": "CVE-2024-43816-3b741a75",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "326679694314645792809403129939473752223",
                "91734302538841990395231920309560444290",
                "276621511456556219586975498067815054271",
                "314861065304754437765834293917377922394",
                "233219835693908132351890634460730513737",
                "122017316139985861024807905906644189924",
                "243387655309163582041268695683922725137",
                "321848914455566900870207985844431403075",
                "97257168955362788368369884096830105198",
                "332870531560182292131897639298535693100",
                "14475346816880675490269449182558560176",
                "331290384940435728187472161115874865977",
                "167229143613834323687825136399979294537",
                "156561710980494882715026849776790023691",
                "202174180682060760333930801738447379639",
                "86259383592314462713758181826223899147",
                "257038274870064258495889012109719068276",
                "159233723552065978565892873662904231867",
                "132816453871710953608829197404922611837",
                "107092165286136622422565718434788567720"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "drivers/scsi/lpfc/lpfc_sli.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8bc7c617642db6d8d20ee671fb6c4513017e7a7e"
    },
    {
        "id": "CVE-2024-43816-3d572159",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "326679694314645792809403129939473752223",
                "91734302538841990395231920309560444290",
                "276621511456556219586975498067815054271",
                "314861065304754437765834293917377922394",
                "233219835693908132351890634460730513737",
                "122017316139985861024807905906644189924",
                "243387655309163582041268695683922725137",
                "321848914455566900870207985844431403075",
                "97257168955362788368369884096830105198",
                "332870531560182292131897639298535693100",
                "14475346816880675490269449182558560176",
                "331290384940435728187472161115874865977",
                "167229143613834323687825136399979294537",
                "156561710980494882715026849776790023691",
                "202174180682060760333930801738447379639",
                "86259383592314462713758181826223899147",
                "257038274870064258495889012109719068276",
                "159233723552065978565892873662904231867",
                "132816453871710953608829197404922611837",
                "107092165286136622422565718434788567720"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "drivers/scsi/lpfc/lpfc_sli.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9fd003f344d502f65252963169df3dd237054e49"
    },
    {
        "id": "CVE-2024-43816-ed0d4293",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "270098382257056285078592256832746264136",
            "length": 1488.0
        },
        "target": {
            "file": "drivers/scsi/lpfc/lpfc_sli.c",
            "function": "lpfc_prep_embed_io"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9fd003f344d502f65252963169df3dd237054e49"
    }
]

CVE-2024-43816

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Affected versions

v6.*

Database specific

vanir_signatures

Linux / Kernel

Package

Affected ranges