CVE-2024-43816

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-43816
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-43816.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-43816
Downstream
Related
Published
2024-08-17T09:21:38Z
Modified
2025-10-09T14:55:42.159720Z
Summary
scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Revise lpfcprepembed_io routine with proper endian macro usages

On big endian architectures, it is possible to run into a memory out of bounds pointer dereference when FCP targets are zoned.

In lpfcprepembedio, the memcpy(ptr, fcpcmnd, sgl->sgelen) is referencing a little endian formatted sgl->sgelen value. So, the memcpy can cause big endian systems to crash.

Redefine the *sgl ptr as a struct sli4sgele to make it clear that we are referring to a little endian formatted data structure. And, update the routine with proper le32tocpu macro usages.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
af20bb73ac2591631d504f3f859f073bcdb7e11e
Fixed
9fd003f344d502f65252963169df3dd237054e49
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
af20bb73ac2591631d504f3f859f073bcdb7e11e
Fixed
8bc7c617642db6d8d20ee671fb6c4513017e7a7e

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.2
v6.9
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.10.0
Fixed
6.10.3