{"uuid": "251743f7-e2ae-4c87-974c-40331312e34c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-43816", "type": "seen", "source": "https://t.me/CveExploits/20", "content": "\ud83d\udea8 CVE-2024-43816\nIn the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages\n\nOn big endian architectures, it is possible to run into a memory out of\nbounds pointer dereference when FCP targets are zoned.\n\nIn lpfc_prep_embed_io, the memcpy(ptr, fcp_cmnd, sgl->sge_len) is\nreferencing a little endian formatted sgl->sge_len value.\u00a0 So, the memcpy\ncan cause big endian systems to crash.\n\nRedefine the *sgl ptr as a struct sli4_sge_le to make it clear that we are\nreferring to a little endian formatted data structure.\u00a0 And, update the\nroutine with proper le32_to_cpu macro usages.", "creation_timestamp": "2024-08-17T14:03:18.000000Z"}