CVE-2024-36025 | Linux Kernel up to 5.15.155/6.1.86/6.6.27/6.8.6 scsi qla_edif_app_getstats elem[] off-by-one

Inserito da Angelo Barbosa | Mag 30, 2024 | CVE

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.15.155/6.1.86/6.6.27/6.8.6. Affected is the function qla_edif_app_getstats of the component scsi. The manipulation of the argument elem[] leads to off-by-one.

This vulnerability is traded as CVE-2024-36025. The attack can only be done within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-36025 | Linux Kernel up to 5.15.155/6.1.86/6.6.27/6.8.6 scsi qla_edif_app_getstats elem[] off-by-one

Post correlati

CVE-2024-34207 | Totolink CP450 4.1.0cu.747_B20191224 setStaticDhcpConfig stack-based overflow

CVE-2024-0432 | Gestpay for WooCommerce Plugin up to 20221130 on WordPress ajax_delete_card cross-site request forgery

CVE-2024-1878 | SourceCodester Employee Management System 1.0 /myprofile.php id sql injection

CVE-2024-4186 | Edwiser Bridge Plugin up to 3.0.5 on WordPress improper authentication