vulnerability

Red Hat: CVE-2024-38559: kernel: scsi: qedf: Ensure the copied buf is NUL terminated (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:L/AC:L/Au:M/C:N/I:N/A:C)	Jun 19, 2024	Sep 19, 2024	Mar 27, 2026

Severity

CVSS

(AV:L/AC:L/Au:M/C:N/I:N/A:C)

Published

Jun 19, 2024

Added

Sep 19, 2024

Modified

Mar 27, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: qedf: Ensure the copied buf is NUL terminated

Currently, we allocate a count-sized kernel buffer and copy count from
userspace to that buffer. Later, we use kstrtouint on this buffer but we
don't ensure that the string is terminated inside the buffer, this can
lead to OOB read when using kstrtouint. Fix this issue by using
memdup_user_nul instead of memdup_user.

Solutions

redhat-upgrade-kernelredhat-upgrade-kernel-rt

References

CWE-476
EUVD-EUVD-2024-37422
NVD-CVE-2024-38559
REDHAT-RHSA-2024:6567
REDHAT-RHSA-2024:6744
REDHAT-RHSA-2024:6745
REDHAT-RHSA-2024:7000
REDHAT-RHSA-2024:7001
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-37422

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report