CVE-2024-47682

scsi: sd: Fix off-by-one error in sd_read_block_characteristics()

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fix off-by-one error in sd_read_block_characteristics() Ff the device returns page 0xb1 with length 8 (happens with qemu v2.x, for example), sd_read_block_characteristics() may attempt an out-of-bounds memory access when accessing the zoned field at offset 8.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/60312ae7392f9c75c6591a52fc359cf7f810d48f patch
https://git.kernel.org/stable/c/568c7c4c77eee6df7677bb861b7cee7398a3255d patch
https://git.kernel.org/stable/c/a776050373893e4c847a49abeae2ccb581153df0 patch
https://git.kernel.org/stable/c/413df704f149dec585df07466d2401bbd1f490a0 patch
https://git.kernel.org/stable/c/f81eaf08385ddd474a2f41595a7757502870c0eb patch

Frequently Asked Questions

What is the severity of CVE-2024-47682?
CVE-2024-47682 has been scored as a high severity vulnerability.
How to fix CVE-2024-47682?
To fix CVE-2024-47682, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-47682 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-47682 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-47682?
CVE-2024-47682 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.