SB20240717113 - Incorrect calculation in Linux kernel scsi qedf driver
Published: July 17, 2024 Updated: May 13, 2025
Security Bulletin ID
SB20240717113
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Incorrect calculation (CVE-ID: CVE-2022-48823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the qedf_initiate_cleanup() function in drivers/scsi/qedf/qedf_io.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/7cc32ff0cd6c44a3c26de5faecfe8b5546198fad
- https://git.kernel.org/stable/c/87f187e5265bc8e3b38faef8b9db864cdd61dde7
- https://git.kernel.org/stable/c/6be8eaad75ca73131e2a697f0270dc8ee73814a8
- https://git.kernel.org/stable/c/7fcbed38503bb34c6e6538b6a9482d1c6bead1e8
- https://git.kernel.org/stable/c/5239ab63f17cee643bd4bf6addfedebaa7d4f41e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.101
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.24
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.180