A vulnerability classified as critical was found in the Linux kernel up to 5.15.155/6.1.86/6.6.27/6.8.6. It affects the function qla_edif_app_getstats of the scsi component. Manipulation of the argument elem[] leads to an off-by-one error.

This vulnerability is tracked as CVE-2024-36025. The attack can only be carried out from within the local network. No exploit is available.

It is recommended to upgrade the affected component.