Rapid7 Vulnerability & Exploit Database

Huawei EulerOS: CVE-2024-40901: kernel security update

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Huawei EulerOS: CVE-2024-40901: kernel security update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
07/12/2024
Created
10/10/2024
Added
10/09/2024
Modified
10/09/2024

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory There is a potential out-of-bounds access when using test_bit() on a single word. The test_bit() and set_bit() functions operate on long values, and when testing or setting a single word, they can exceed the word boundary. KASAN detects this issue and produces a dump: BUG: KASAN: slab-out-of-bounds in _scsih_add_device.constprop.0 (./arch/x86/include/asm/bitops.h:60 ./include/asm-generic/bitops/instrumented-atomic.h:29 drivers/scsi/mpt3sas/mpt3sas_scsih.c:7331) mpt3sas Write of size 8 at addr ffff8881d26e3c60 by task kworker/u1536:2/2965 For full log, please look at [1]. Make the allocation at least the size of sizeof(unsigned long) so that set_bit() and test_bit() have sufficient room for read/write operations without overwriting unallocated memory. [1] Link: https://lore.kernel.org/all/ZkNcALr3W3KGYYJG@gmail.com/

Solution(s)

  • huawei-euleros-2_0_sp11-upgrade-bpftool
  • huawei-euleros-2_0_sp11-upgrade-kernel
  • huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists
  • huawei-euleros-2_0_sp11-upgrade-kernel-tools
  • huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs
  • huawei-euleros-2_0_sp11-upgrade-python3-perf

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;