Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2024-36025

UNKNOWN

scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()

Published May 30, 2024

Modified 8 months ago

No fix available

Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()

The app_reply->elem[] array is allocated earlier in this function and it has app_req.num_ports elements. Thus this > comparison needs to be >= to prevent memory corruption.

References

WEBhttps://git.kernel.org/stable/c/4406e4176f47177f5e51b4cc7e6a7a2ff3dbfbbd WEBhttps://git.kernel.org/stable/c/60b87b5ecbe07d70897d35947b0bb3e76ccd1b3a WEBhttps://git.kernel.org/stable/c/8c820f7c8e9b46238d277c575392fe9930207aab WEBhttps://git.kernel.org/stable/c/9fc74e367be4247a5ac39bb8ec41eaa73fade510 WEBhttps://git.kernel.org/stable/c/ea8ac95c22c93acecb710209a7fd10b851afe817 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2024-36025

Ecosystems

Timeline

PublishedMay 30, 2024

ModifiedMay 4, 2025

CVE-2024-36025 | Mondoo Vulnerability Intelligence