CVE-2024-36025 | Linux Kernel up to 5.15.155/6.1.86/6.6.27/6.8.6 scsi qla_edif_app_getstats elem[] off-by-one

Inserito da Angelo Barbosa | Mag 30, 2024 | CVE

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.15.155/6.1.86/6.6.27/6.8.6. Affected is the function qla_edif_app_getstats of the component scsi. The manipulation of the argument elem[] leads to off-by-one.

This vulnerability is traded as CVE-2024-36025. The attack can only be done within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-36025 | Linux Kernel up to 5.15.155/6.1.86/6.6.27/6.8.6 scsi qla_edif_app_getstats elem[] off-by-one

Post correlati

CVE-2024-39733 | IBM Datacap Navigator 9.1.5/9.1.6/9.1.7/9.1.8/9.1.9 credentials storage (XFDB-295972)

CVE-2024-20522 | Cisco RV042/RV042G/RV320/RV325 up to 4.2.3.14 Web-based Management Interface heap-based overflow (cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV)

CVE-2024-10672 | Multiple Page Generator Plugin up to 4.0.2 on WordPress path traversal

CVE-2024-7152 | Tenda O3 1.0.0.10(2478) /goform/setMacFilterList fromSafeSetMacFilter time stack-based overflow