vulnerability

Ubuntu: (Multiple Advisories) (CVE-2024-40978): Linux kernel vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:L/AC:M/Au:M/C:N/I:N/A:C)	Jul 12, 2024	Sep 12, 2024	Feb 18, 2025

Severity

CVSS

(AV:L/AC:M/Au:M/C:N/I:N/A:C)

Published

Jul 12, 2024

Added

Sep 12, 2024

Modified

Feb 18, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: qedi: Fix crash while reading debugfs attribute

The qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly
on a __user pointer, which results into the crash.

To fix this issue, use a small local stack buffer for sprintf() and then
call simple_read_from_buffer(), which in turns make the copy_to_user()
call.

BUG: unable to handle page fault for address: 00007f4801111000
PGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0
Oops: 0002 [#1] PREEMPT SMP PTI
Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023
RIP: 0010:memcpy_orig+0xcd/0x130
RSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202
RAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f
RDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000
RBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572
R10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff
R13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af
FS: 00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:

? __die_body+0x1a/0x60
? page_fault_oops+0x183/0x510
? exc_page_fault+0x69/0x150
? asm_exc_page_fault+0x22/0x30
? memcpy_orig+0xcd/0x130
vsnprintf+0x102/0x4c0
sprintf+0x51/0x80
qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324]
full_proxy_read+0x50/0x80
vfs_read+0xa5/0x2e0
? folio_add_new_anon_rmap+0x44/0xa0
? set_pte_at+0x15/0x30
? do_pte_missing+0x426/0x7f0
ksys_read+0xa5/0xe0
do_syscall_64+0x58/0x80
? __count_memcg_events+0x46/0x90
? count_memcg_event_mm+0x3d/0x60
? handle_mm_fault+0x196/0x2f0
? do_user_addr_fault+0x267/0x890
? exc_page_fault+0x69/0x150
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f4800f20b4d

Solution(s)

ubuntu-upgrade-linux-image-5-15-0-1035-xilinx-zynqmpubuntu-upgrade-linux-image-5-15-0-1052-gkeopubuntu-upgrade-linux-image-5-15-0-1062-ibmubuntu-upgrade-linux-image-5-15-0-1062-raspiubuntu-upgrade-linux-image-5-15-0-1064-intel-iotgubuntu-upgrade-linux-image-5-15-0-1064-nvidiaubuntu-upgrade-linux-image-5-15-0-1064-nvidia-lowlatencyubuntu-upgrade-linux-image-5-15-0-1066-gkeubuntu-upgrade-linux-image-5-15-0-1066-kvmubuntu-upgrade-linux-image-5-15-0-1067-oracleubuntu-upgrade-linux-image-5-15-0-1068-gcpubuntu-upgrade-linux-image-5-15-0-1069-awsubuntu-upgrade-linux-image-5-15-0-1072-azureubuntu-upgrade-linux-image-5-15-0-1072-azure-fdeubuntu-upgrade-linux-image-5-15-0-121-genericubuntu-upgrade-linux-image-5-15-0-121-generic-64kubuntu-upgrade-linux-image-5-15-0-121-generic-lpaeubuntu-upgrade-linux-image-5-15-0-121-lowlatencyubuntu-upgrade-linux-image-5-15-0-121-lowlatency-64kubuntu-upgrade-linux-image-5-4-0-1043-iotubuntu-upgrade-linux-image-5-4-0-1051-xilinx-zynqmpubuntu-upgrade-linux-image-5-4-0-1079-ibmubuntu-upgrade-linux-image-5-4-0-1092-bluefieldubuntu-upgrade-linux-image-5-4-0-1099-gkeopubuntu-upgrade-linux-image-5-4-0-1116-raspiubuntu-upgrade-linux-image-5-4-0-1120-kvmubuntu-upgrade-linux-image-5-4-0-1131-oracleubuntu-upgrade-linux-image-5-4-0-1132-awsubuntu-upgrade-linux-image-5-4-0-1136-gcpubuntu-upgrade-linux-image-5-4-0-1137-azureubuntu-upgrade-linux-image-5-4-0-195-genericubuntu-upgrade-linux-image-5-4-0-195-generic-lpaeubuntu-upgrade-linux-image-5-4-0-195-lowlatencyubuntu-upgrade-linux-image-6-8-0-1010-gkeubuntu-upgrade-linux-image-6-8-0-1011-raspiubuntu-upgrade-linux-image-6-8-0-1012-ibmubuntu-upgrade-linux-image-6-8-0-1012-oemubuntu-upgrade-linux-image-6-8-0-1012-oracleubuntu-upgrade-linux-image-6-8-0-1012-oracle-64kubuntu-upgrade-linux-image-6-8-0-1013-nvidiaubuntu-upgrade-linux-image-6-8-0-1013-nvidia-64kubuntu-upgrade-linux-image-6-8-0-1013-nvidia-lowlatencyubuntu-upgrade-linux-image-6-8-0-1013-nvidia-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-1014-azureubuntu-upgrade-linux-image-6-8-0-1014-azure-fdeubuntu-upgrade-linux-image-6-8-0-1014-gcpubuntu-upgrade-linux-image-6-8-0-1015-awsubuntu-upgrade-linux-image-6-8-0-44-genericubuntu-upgrade-linux-image-6-8-0-44-generic-64kubuntu-upgrade-linux-image-6-8-0-44-lowlatencyubuntu-upgrade-linux-image-6-8-0-44-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-45-genericubuntu-upgrade-linux-image-6-8-0-45-generic-64kubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-aws-lts-20-04ubuntu-upgrade-linux-image-aws-lts-22-04ubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-cvmubuntu-upgrade-linux-image-azure-fdeubuntu-upgrade-linux-image-azure-fde-lts-22-04ubuntu-upgrade-linux-image-azure-lts-20-04ubuntu-upgrade-linux-image-azure-lts-22-04ubuntu-upgrade-linux-image-bluefieldubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-gcp-lts-20-04ubuntu-upgrade-linux-image-gcp-lts-22-04ubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-hwe-20-04ubuntu-upgrade-linux-image-generic-64k-hwe-22-04ubuntu-upgrade-linux-image-generic-64k-hwe-24-04ubuntu-upgrade-linux-image-generic-hwe-18-04ubuntu-upgrade-linux-image-generic-hwe-20-04ubuntu-upgrade-linux-image-generic-hwe-22-04ubuntu-upgrade-linux-image-generic-hwe-24-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-generic-lpae-hwe-20-04ubuntu-upgrade-linux-image-gkeubuntu-upgrade-linux-image-gke-5-15ubuntu-upgrade-linux-image-gkeopubuntu-upgrade-linux-image-gkeop-5-15ubuntu-upgrade-linux-image-gkeop-5-4ubuntu-upgrade-linux-image-ibmubuntu-upgrade-linux-image-ibm-classicubuntu-upgrade-linux-image-ibm-lts-20-04ubuntu-upgrade-linux-image-ibm-lts-24-04ubuntu-upgrade-linux-image-intelubuntu-upgrade-linux-image-intel-iotgubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-lowlatencyubuntu-upgrade-linux-image-lowlatency-64kubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04ubuntu-upgrade-linux-image-lowlatency-hwe-18-04ubuntu-upgrade-linux-image-lowlatency-hwe-20-04ubuntu-upgrade-linux-image-lowlatency-hwe-22-04ubuntu-upgrade-linux-image-nvidiaubuntu-upgrade-linux-image-nvidia-6-8ubuntu-upgrade-linux-image-nvidia-64kubuntu-upgrade-linux-image-nvidia-64k-6-8ubuntu-upgrade-linux-image-nvidia-lowlatencyubuntu-upgrade-linux-image-nvidia-lowlatency-64kubuntu-upgrade-linux-image-oemubuntu-upgrade-linux-image-oem-20-04ubuntu-upgrade-linux-image-oem-20-04bubuntu-upgrade-linux-image-oem-20-04cubuntu-upgrade-linux-image-oem-20-04dubuntu-upgrade-linux-image-oem-22-04ubuntu-upgrade-linux-image-oem-22-04aubuntu-upgrade-linux-image-oem-22-04bubuntu-upgrade-linux-image-oem-22-04cubuntu-upgrade-linux-image-oem-22-04dubuntu-upgrade-linux-image-oem-osp1ubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-64kubuntu-upgrade-linux-image-oracle-lts-20-04ubuntu-upgrade-linux-image-oracle-lts-22-04ubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-raspi-hwe-18-04ubuntu-upgrade-linux-image-raspi-nolpaeubuntu-upgrade-linux-image-raspi2ubuntu-upgrade-linux-image-raspi2-hwe-18-04ubuntu-upgrade-linux-image-snapdragon-hwe-18-04ubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-hwe-18-04ubuntu-upgrade-linux-image-virtual-hwe-20-04ubuntu-upgrade-linux-image-virtual-hwe-22-04ubuntu-upgrade-linux-image-virtual-hwe-24-04ubuntu-upgrade-linux-image-xilinx-zynqmp

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today

Ubuntu: (Multiple Advisories) (CVE-2024-40978): Linux kernel vulnerabilities

Description

Solution(s)

References

Explore Exposure Command