CVE-2024-42159

Published: Jul 30, 2024Modified: Mar 25, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitise num_phys Information is stored in mr_sas_port->phy_mask, values larger then size of this field shouldn't be allowed.

Affected (4)

Products: Debian: Debian Linux · Linux: Linux Kernel

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 11.0

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.1 to 6.1.98
Linux Linux Kernel	From 6.2 to 6.6.39
Linux Linux Kernel	From 6.7 to 6.9.9

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (9)

https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b