SAS Transport Vulnerability in Linux Kernel Affecting Multiple PHY States
CVE-2024-57804

Currently unrated

Key Information:

Vendor: Linux
Status
Vendor
CVE Published: 11 January 2025

Summary

A vulnerability in the Linux kernel's SCSI MPI3MR driver can lead to corruption of the configuration pages related to SAS IO units and expanders. The issue arises when PHYs are disabled and re-enabled in rapid succession, leaving inconsistent states that can disrupt normal operations. The kernel previously allowed configuration requests to use overlapping memory; the fix allocates separate memory for each request, which prevents the data corruption and improves the stability of the SAS transport layer.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 869fdc6f0606060301aef648231e186c7c542f5a

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 711201a8b8334a397440ac0b859df0054e174bc9

Linux 6.12.8 <= 6.12.*

Timeline

  • Vulnerability published

  • Vulnerability Reserved