CVE-2024-42159 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitise num_phys Information is stored in mr_sas_port->phy_mask, values larger then size of this field shouldn't be allowed.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b
https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0
https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df
https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf
https://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42159-c19e@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-42159
https://www.cve.org/CVERecord?id=CVE-2024-42159

History

Wed, 11 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 17 Aug 2024 02:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-787

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-30T07:47:01.276Z

Updated: 2024-09-11T17:34:33.767Z

Reserved: 2024-07-29T15:50:41.195Z

Link: CVE-2024-42159

Vulnrichment

Updated: 2024-08-02T04:54:32.710Z

NVD

Status : Analyzed

Published: 2024-07-30T08:15:07.300

Modified: 2024-08-02T14:29:46.240

Link: CVE-2024-42159

Redhat

Severity : Moderate

Publid Date: 2024-07-30T00:00:00Z

Links: CVE-2024-42159 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42159", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.195Z", "datePublished": "2024-07-30T07:47:01.276Z", "dateUpdated": "2024-09-11T17:34:33.767Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-30T07:47:01.276Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Sanitise num_phys\n\nInformation is stored in mr_sas_port->phy_mask, values larger then size of\nthis field shouldn't be allowed."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/mpi3mr/mpi3mr_transport.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "b869ec89d2ee", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "586b41060113", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "c8707901b53a", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "3668651def2c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/mpi3mr/mpi3mr_transport.c"], "versions": [{"version": "6.1.98", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.39", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.9", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df"}, {"url": "https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0"}, {"url": "https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf"}, {"url": "https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b"}], "title": "scsi: mpi3mr: Sanitise num_phys", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.710Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42159", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:14:58.820193Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:33.767Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.710Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42159", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:14:58.820193Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:24.472Z"}}], "cna": {"title": "scsi: mpi3mr: Sanitise num_phys", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "b869ec89d2ee", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "586b41060113", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "c8707901b53a", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "3668651def2c", "versionType": "git"}], "programFiles": ["drivers/scsi/mpi3mr/mpi3mr_transport.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "6.1.98", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.39", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.9", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/scsi/mpi3mr/mpi3mr_transport.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df"}, {"url": "https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0"}, {"url": "https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf"}, {"url": "https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Sanitise num_phys\n\nInformation is stored in mr_sas_port->phy_mask, values larger then size of\nthis field shouldn't be allowed."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-30T07:47:01.276Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42159", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:33.767Z", "dateReserved": "2024-07-29T15:50:41.195Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-30T07:47:01.276Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "59AC0B46-8C0D-4C0B-9705-C8CFF0DCAD00", "versionEndExcluding": "6.1.98", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "29E894E4-668F-4DB0-81F7-4FB5F698E970", "versionEndExcluding": "6.6.39", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085", "versionEndExcluding": "6.9.9", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Sanitise num_phys\n\nInformation is stored in mr_sas_port->phy_mask, values larger then size of\nthis field shouldn't be allowed."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: mpi3mr: Sanitize num_phys La informaci\u00f3n se almacena en mr_sas_port->phy_mask, no se deben permitir valores mayores que el tama\u00f1o de este campo."}], "id": "CVE-2024-42159", "lastModified": "2024-08-02T14:29:46.240", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-30T08:15:07.300", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: scsi: mpi3mr: Sanitise num_phys", "id": "2301530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301530"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nscsi: mpi3mr: Sanitise num_phys\nInformation is stored in mr_sas_port->phy_mask, values larger then size of\nthis field shouldn't be allowed.", "A vulnerability was found in the Linux kernel's mpi3mr driver in the mpi3mr_sas_port_add() function, where a lack of proper checks could lead to values that are larger than what the defined size of the num_phys field in the mr_sas_node structure being inserted, causing the field to be overwritten and potentially corrupting the structure. This issue could lead to memory corruption or crashes."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42159", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42159\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42159\nhttps://lore.kernel.org/linux-cve-announce/2024073036-CVE-2024-42159-c19e@gregkh/T"], "statement": "Red Hat believes this flaw to be of Moderate severity because the impact on confidentiality that a successful use of this vulnerability would have is low. Since this vulnerability primarily impacts how the system handles physical connections in the SCSI subsystem, sensitive information would most likely not be directly exposed.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.1.98, kernel 6.6.39, kernel 6.9.9, kernel 6.10"}