CVE-2024-57804

scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs The driver, through the SAS transport, exposes a sysfs interface to enable/disable PHYs in a controller/expander setup. When multiple PHYs are disabled and enabled in rapid succession, the persistent and current config pages related to SAS IO unit/SAS Expander pages could get corrupted. Use separate memory for each config request.

N/A
CVSS
Severity:
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/869fdc6f0606060301aef648231e186c7c542f5a
https://git.kernel.org/stable/c/711201a8b8334a397440ac0b859df0054e174bc9

Frequently Asked Questions

What is the severity of CVE-2024-57804?
CVE-2024-57804 has not yet been assigned a CVSS score.
How to fix CVE-2024-57804?
To fix CVE-2024-57804, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-57804 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-57804 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-57804?
CVE-2024-57804 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.