CVE-2024-40978 (GCVE-0-2024-40978)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:32 – Updated: 2026-01-05 10:37
VLAI?
Title
scsi: qedi: Fix crash while reading debugfs attribute
Summary
In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly on a __user pointer, which results into the crash. To fix this issue, use a small local stack buffer for sprintf() and then call simple_read_from_buffer(), which in turns make the copy_to_user() call. BUG: unable to handle page fault for address: 00007f4801111000 PGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0 Oops: 0002 [#1] PREEMPT SMP PTI Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023 RIP: 0010:memcpy_orig+0xcd/0x130 RSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202 RAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f RDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000 RBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572 R10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff R13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af FS: 00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die_body+0x1a/0x60 ? page_fault_oops+0x183/0x510 ? exc_page_fault+0x69/0x150 ? asm_exc_page_fault+0x22/0x30 ? memcpy_orig+0xcd/0x130 vsnprintf+0x102/0x4c0 sprintf+0x51/0x80 qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324] full_proxy_read+0x50/0x80 vfs_read+0xa5/0x2e0 ? folio_add_new_anon_rmap+0x44/0xa0 ? set_pte_at+0x15/0x30 ? do_pte_missing+0x426/0x7f0 ksys_read+0xa5/0xe0 do_syscall_64+0x58/0x80 ? __count_memcg_events+0x46/0x90 ? count_memcg_event_mm+0x3d/0x60 ? handle_mm_fault+0x196/0x2f0 ? do_user_addr_fault+0x267/0x890 ? exc_page_fault+0x69/0x150 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f4800f20b4d
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: ace7f46ba5fde7273207c7122b0650ceb72510e0 , < 56bec63a7fc87ad50b3373a87517dc9770eef9e0 (git)
Affected: ace7f46ba5fde7273207c7122b0650ceb72510e0 , < 21c963de2e86e88f6a8ca556bcebb8e62ab8e901 (git)
Affected: ace7f46ba5fde7273207c7122b0650ceb72510e0 , < 144d76a676b630e321556965011b00e2de0b40a7 (git)
Affected: ace7f46ba5fde7273207c7122b0650ceb72510e0 , < 397a8990c377ee4b61d6df768e61dff9e316d46b (git)
Affected: ace7f46ba5fde7273207c7122b0650ceb72510e0 , < eaddb86637669f6bad89245ee63f8fb2bfb50241 (git)
Affected: ace7f46ba5fde7273207c7122b0650ceb72510e0 , < fa85b016a56b9775a3fe41e5d26e666945963b46 (git)
Affected: ace7f46ba5fde7273207c7122b0650ceb72510e0 , < e2f433ea7d0ff77998766a088a287337fb43ad75 (git)
Affected: ace7f46ba5fde7273207c7122b0650ceb72510e0 , < 28027ec8e32ecbadcd67623edb290dad61e735b5 (git)
Create a notification for this product.
    Linux Linux Affected: 4.10
Unaffected: 0 , < 4.10 (semver)
Unaffected: 4.19.317 , ≤ 4.19.* (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.96 , ≤ 6.1.* (semver)
Unaffected: 6.6.36 , ≤ 6.6.* (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:58:43.534Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/56bec63a7fc87ad50b3373a87517dc9770eef9e0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/21c963de2e86e88f6a8ca556bcebb8e62ab8e901"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/144d76a676b630e321556965011b00e2de0b40a7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/397a8990c377ee4b61d6df768e61dff9e316d46b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/eaddb86637669f6bad89245ee63f8fb2bfb50241"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fa85b016a56b9775a3fe41e5d26e666945963b46"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e2f433ea7d0ff77998766a088a287337fb43ad75"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/28027ec8e32ecbadcd67623edb290dad61e735b5"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40978",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:02:30.760177Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:21.743Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/qedi/qedi_debugfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "56bec63a7fc87ad50b3373a87517dc9770eef9e0",
              "status": "affected",
              "version": "ace7f46ba5fde7273207c7122b0650ceb72510e0",
              "versionType": "git"
            },
            {
              "lessThan": "21c963de2e86e88f6a8ca556bcebb8e62ab8e901",
              "status": "affected",
              "version": "ace7f46ba5fde7273207c7122b0650ceb72510e0",
              "versionType": "git"
            },
            {
              "lessThan": "144d76a676b630e321556965011b00e2de0b40a7",
              "status": "affected",
              "version": "ace7f46ba5fde7273207c7122b0650ceb72510e0",
              "versionType": "git"
            },
            {
              "lessThan": "397a8990c377ee4b61d6df768e61dff9e316d46b",
              "status": "affected",
              "version": "ace7f46ba5fde7273207c7122b0650ceb72510e0",
              "versionType": "git"
            },
            {
              "lessThan": "eaddb86637669f6bad89245ee63f8fb2bfb50241",
              "status": "affected",
              "version": "ace7f46ba5fde7273207c7122b0650ceb72510e0",
              "versionType": "git"
            },
            {
              "lessThan": "fa85b016a56b9775a3fe41e5d26e666945963b46",
              "status": "affected",
              "version": "ace7f46ba5fde7273207c7122b0650ceb72510e0",
              "versionType": "git"
            },
            {
              "lessThan": "e2f433ea7d0ff77998766a088a287337fb43ad75",
              "status": "affected",
              "version": "ace7f46ba5fde7273207c7122b0650ceb72510e0",
              "versionType": "git"
            },
            {
              "lessThan": "28027ec8e32ecbadcd67623edb290dad61e735b5",
              "status": "affected",
              "version": "ace7f46ba5fde7273207c7122b0650ceb72510e0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/qedi/qedi_debugfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "lessThan": "4.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.96",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedi: Fix crash while reading debugfs attribute\n\nThe qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly\non a __user pointer, which results into the crash.\n\nTo fix this issue, use a small local stack buffer for sprintf() and then\ncall simple_read_from_buffer(), which in turns make the copy_to_user()\ncall.\n\nBUG: unable to handle page fault for address: 00007f4801111000\nPGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0\nOops: 0002 [#1] PREEMPT SMP PTI\nHardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023\nRIP: 0010:memcpy_orig+0xcd/0x130\nRSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202\nRAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f\nRDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000\nRBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572\nR10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff\nR13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af\nFS:  00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x183/0x510\n ? exc_page_fault+0x69/0x150\n ? asm_exc_page_fault+0x22/0x30\n ? memcpy_orig+0xcd/0x130\n vsnprintf+0x102/0x4c0\n sprintf+0x51/0x80\n qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324]\n full_proxy_read+0x50/0x80\n vfs_read+0xa5/0x2e0\n ? folio_add_new_anon_rmap+0x44/0xa0\n ? set_pte_at+0x15/0x30\n ? do_pte_missing+0x426/0x7f0\n ksys_read+0xa5/0xe0\n do_syscall_64+0x58/0x80\n ? __count_memcg_events+0x46/0x90\n ? count_memcg_event_mm+0x3d/0x60\n ? handle_mm_fault+0x196/0x2f0\n ? do_user_addr_fault+0x267/0x890\n ? exc_page_fault+0x69/0x150\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7f4800f20b4d"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:37:04.383Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/56bec63a7fc87ad50b3373a87517dc9770eef9e0"
        },
        {
          "url": "https://git.kernel.org/stable/c/21c963de2e86e88f6a8ca556bcebb8e62ab8e901"
        },
        {
          "url": "https://git.kernel.org/stable/c/144d76a676b630e321556965011b00e2de0b40a7"
        },
        {
          "url": "https://git.kernel.org/stable/c/397a8990c377ee4b61d6df768e61dff9e316d46b"
        },
        {
          "url": "https://git.kernel.org/stable/c/eaddb86637669f6bad89245ee63f8fb2bfb50241"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa85b016a56b9775a3fe41e5d26e666945963b46"
        },
        {
          "url": "https://git.kernel.org/stable/c/e2f433ea7d0ff77998766a088a287337fb43ad75"
        },
        {
          "url": "https://git.kernel.org/stable/c/28027ec8e32ecbadcd67623edb290dad61e735b5"
        }
      ],
      "title": "scsi: qedi: Fix crash while reading debugfs attribute",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40978",
    "datePublished": "2024-07-12T12:32:14.149Z",
    "dateReserved": "2024-07-12T12:17:45.604Z",
    "dateUpdated": "2026-01-05T10:37:04.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/56bec63a7fc87ad50b3373a87517dc9770eef9e0\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/21c963de2e86e88f6a8ca556bcebb8e62ab8e901\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/144d76a676b630e321556965011b00e2de0b40a7\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/397a8990c377ee4b61d6df768e61dff9e316d46b\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/eaddb86637669f6bad89245ee63f8fb2bfb50241\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/fa85b016a56b9775a3fe41e5d26e666945963b46\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/e2f433ea7d0ff77998766a088a287337fb43ad75\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/28027ec8e32ecbadcd67623edb290dad61e735b5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:58:43.534Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-40978\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T17:02:30.760177Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:22.211Z\"}}], \"cna\": {\"title\": \"scsi: qedi: Fix crash while reading debugfs attribute\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"ace7f46ba5fde7273207c7122b0650ceb72510e0\", \"lessThan\": \"56bec63a7fc87ad50b3373a87517dc9770eef9e0\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"ace7f46ba5fde7273207c7122b0650ceb72510e0\", \"lessThan\": \"21c963de2e86e88f6a8ca556bcebb8e62ab8e901\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"ace7f46ba5fde7273207c7122b0650ceb72510e0\", \"lessThan\": \"144d76a676b630e321556965011b00e2de0b40a7\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"ace7f46ba5fde7273207c7122b0650ceb72510e0\", \"lessThan\": \"397a8990c377ee4b61d6df768e61dff9e316d46b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"ace7f46ba5fde7273207c7122b0650ceb72510e0\", \"lessThan\": \"eaddb86637669f6bad89245ee63f8fb2bfb50241\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"ace7f46ba5fde7273207c7122b0650ceb72510e0\", \"lessThan\": \"fa85b016a56b9775a3fe41e5d26e666945963b46\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"ace7f46ba5fde7273207c7122b0650ceb72510e0\", \"lessThan\": \"e2f433ea7d0ff77998766a088a287337fb43ad75\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"ace7f46ba5fde7273207c7122b0650ceb72510e0\", \"lessThan\": \"28027ec8e32ecbadcd67623edb290dad61e735b5\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/scsi/qedi/qedi_debugfs.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.10\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"4.10\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.19.317\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.279\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.221\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.162\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.96\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.36\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.9.7\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.9.*\"}, {\"status\": \"unaffected\", \"version\": \"6.10\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/scsi/qedi/qedi_debugfs.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/56bec63a7fc87ad50b3373a87517dc9770eef9e0\"}, {\"url\": \"https://git.kernel.org/stable/c/21c963de2e86e88f6a8ca556bcebb8e62ab8e901\"}, {\"url\": \"https://git.kernel.org/stable/c/144d76a676b630e321556965011b00e2de0b40a7\"}, {\"url\": \"https://git.kernel.org/stable/c/397a8990c377ee4b61d6df768e61dff9e316d46b\"}, {\"url\": \"https://git.kernel.org/stable/c/eaddb86637669f6bad89245ee63f8fb2bfb50241\"}, {\"url\": \"https://git.kernel.org/stable/c/fa85b016a56b9775a3fe41e5d26e666945963b46\"}, {\"url\": \"https://git.kernel.org/stable/c/e2f433ea7d0ff77998766a088a287337fb43ad75\"}, {\"url\": \"https://git.kernel.org/stable/c/28027ec8e32ecbadcd67623edb290dad61e735b5\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: qedi: Fix crash while reading debugfs attribute\\n\\nThe qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly\\non a __user pointer, which results into the crash.\\n\\nTo fix this issue, use a small local stack buffer for sprintf() and then\\ncall simple_read_from_buffer(), which in turns make the copy_to_user()\\ncall.\\n\\nBUG: unable to handle page fault for address: 00007f4801111000\\nPGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0\\nOops: 0002 [#1] PREEMPT SMP PTI\\nHardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023\\nRIP: 0010:memcpy_orig+0xcd/0x130\\nRSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202\\nRAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f\\nRDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000\\nRBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572\\nR10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff\\nR13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af\\nFS:  00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000\\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0\\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\\nPKRU: 55555554\\nCall Trace:\\n \u003cTASK\u003e\\n ? __die_body+0x1a/0x60\\n ? page_fault_oops+0x183/0x510\\n ? exc_page_fault+0x69/0x150\\n ? asm_exc_page_fault+0x22/0x30\\n ? memcpy_orig+0xcd/0x130\\n vsnprintf+0x102/0x4c0\\n sprintf+0x51/0x80\\n qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324]\\n full_proxy_read+0x50/0x80\\n vfs_read+0xa5/0x2e0\\n ? folio_add_new_anon_rmap+0x44/0xa0\\n ? set_pte_at+0x15/0x30\\n ? do_pte_missing+0x426/0x7f0\\n ksys_read+0xa5/0xe0\\n do_syscall_64+0x58/0x80\\n ? __count_memcg_events+0x46/0x90\\n ? count_memcg_event_mm+0x3d/0x60\\n ? handle_mm_fault+0x196/0x2f0\\n ? do_user_addr_fault+0x267/0x890\\n ? exc_page_fault+0x69/0x150\\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\\nRIP: 0033:0x7f4800f20b4d\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.317\", \"versionStartIncluding\": \"4.10\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.279\", \"versionStartIncluding\": \"4.10\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.221\", \"versionStartIncluding\": \"4.10\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.162\", \"versionStartIncluding\": \"4.10\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.96\", \"versionStartIncluding\": \"4.10\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.36\", \"versionStartIncluding\": \"4.10\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.9.7\", \"versionStartIncluding\": \"4.10\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.10\", \"versionStartIncluding\": \"4.10\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2026-01-05T10:37:04.383Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-40978\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-05T10:37:04.383Z\", \"dateReserved\": \"2024-07-12T12:17:45.604Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-07-12T12:32:14.149Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.