CVE-2024-36920

scsi: mpi3mr: Avoid memcpy field-spanning write WARNING

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpi3mr: Avoid memcpy field-spanning write WARNING

When the "storcli2 show" command is executed for eHBA-9600, mpi3mr driver
prints this WARNING message:

memcpy: detected field-spanning write (size 128) of single field "bsg_reply_buf->reply_buf" at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 (size 1)
WARNING: CPU: 0 PID: 12760 at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 mpi3mr_bsg_request+0x6b12/0x7f10 [mpi3mr]

The cause of the WARN is 128 bytes memcpy to the 1 byte size array "__u8
replay_buf[1]" in the struct mpi3mr_bsg_in_reply_buf. The array is intended
to be a flexible length array, so the WARN is a false positive.

To suppress the WARN, remove the constant number '1' from the array
declaration and clarify that it has flexible length. Also, adjust the
memory allocation size to match the change.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: mpi3mr: evitar escritura de extensión de campos de memcpy ADVERTENCIA Cuando se ejecuta el comando "storcli2 show" para eHBA-9600, el controlador mpi3mr imprime este mensaje de ADVERTENCIA: memcpy: extensión de campos detectada escriba (tamaño 128) de un solo campo "bsg_reply_buf->reply_buf" en drivers/scsi/mpi3mr/mpi3mr_app.c:1658 (tamaño 1) ADVERTENCIA: CPU: 0 PID: 12760 en drivers/scsi/mpi3mr/mpi3mr_app.c:1658 mpi3mr_bsg_request+0x6b12/0x7f10 [mpi3mr] La causa de la ADVERTENCIA es 128 bytes de memoria en la matriz de tamaño de 1 byte "__u8 replay_buf[1]" en la estructura mpi3mr_bsg_in_reply_buf. La matriz está manipulada para ser una matriz de longitud flexible, por lo que WARN es un falso positivo. Para suprimir WARN, elimine el número constante '1' de la declaración de matriz y aclare que tiene una longitud flexible. Además, ajuste el tamaño de la asignación de memoria para que coincida con el cambio.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-30 CVE Reserved
2024-05-30 CVE Published
2024-05-31 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/5f0266044dc611563539705bff0b3e1545fbb6aa	2024-05-17
https://git.kernel.org/stable/c/f09318244c6cafd10aca741b9c01e0a2c362d43a	2024-05-17
https://git.kernel.org/stable/c/4d2772324f43cf5674ac3dbe3f74a7e656396716	2024-05-17
https://git.kernel.org/stable/c/429846b4b6ce9853e0d803a2357bb2e55083adf0	2024-03-25

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.91 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.91"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.31 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.31"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.8.10 Search vendor "Linux" for product "Linux Kernel" and version " < 6.8.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.9 Search vendor "Linux" for product "Linux Kernel" and version " < 6.9"		en		Affected