CVE-2024-40901

Updated: 2025-11-19 04:06:12.954395

Description:

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory

There is a potential out-of-bounds access when using test_bit() on a single word. The test_bit() and set_bit() functions operate on long values, and when testing or setting a single word, they can exceed the word boundary. KASAN detects this issue and produces a dump:

    BUG: KASAN: slab-out-of-bounds in _scsih_add_device.constprop.0 (./arch/x86/include/asm/bitops.h:60 ./include/asm-generic/bitops/instrumented-atomic.h:29 drivers/scsi/mpt3sas/mpt3sas_scsih.c:7331) mpt3sas
    Write of size 8 at addr ffff8881d26e3c60 by task kworker/u1536:2/2965

For the full log, please look at [1].

Make the allocation at least the size of sizeof(unsigned long) so that set_bit() and test_bit() have sufficient room for read/write operations without overwriting unallocated memory.

[1] Link: https://lore.kernel.org/all/ZkNcALr3W3KGYYJG@gmail.com/
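As an added illustration (not code from the kernel commit or the mpt3sas driver; the helper names are assumed), this C snippet contrasts a bitmap sized as a plain byte count, which leaves the long-wide bitops short of room, with sizing rounded up to sizeof(unsigned long) as the description's fix does, and reports which allocations the bitops would overrun:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Naive sizing: round the bit count up to whole bytes. This is the kind
 * of allocation that set_bit()/test_bit() can run past, because the
 * kernel bitops read and write a whole unsigned long at a time. */
size_t bitmap_bytes_naive(size_t nbits)
{
    return (nbits + 7) / 8;
}

/* Hardened sizing: never smaller than one unsigned long, and always a
 * whole number of longs, so every bitop stays inside the allocation. */
size_t bitmap_bytes_safe(size_t nbits)
{
    size_t word = sizeof(unsigned long);
    size_t bytes = bitmap_bytes_naive(nbits);
    if (bytes < word)
        bytes = word;
    return (bytes + word - 1) / word * word;
}

/* Offset of the last byte that test_bit(nr)/set_bit(nr) touches: the end
 * of the unsigned long that holds bit nr. */
size_t bitop_last_byte(size_t nr)
{
    size_t word = sizeof(unsigned long);
    return (nr / (word * 8)) * word + word - 1;
}

/* True when all nbits bits can be touched by long-wide bitops without
 * reaching past an allocation of alloc_bytes bytes. */
bool bitops_stay_in_bounds(size_t alloc_bytes, size_t nbits)
{
    return nbits > 0 && bitop_last_byte(nbits - 1) < alloc_bytes;
}

/* Emulates set_bit() then test_bit() on a safely sized heap buffer. */
bool roundtrip_bit(size_t nbits, size_t nr)
{
    size_t bpl = sizeof(unsigned long) * 8;
    unsigned long *map = calloc(1, bitmap_bytes_safe(nbits));
    if (map == NULL || nr >= nbits)
        return false;
    map[nr / bpl] |= 1UL << (nr % bpl);             /* set_bit()  */
    bool hit = (map[nr / bpl] >> (nr % bpl)) & 1UL;  /* test_bit() */
    free(map);
    return hit;
}
```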


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

CVSS Version 2.x: 0.0
CVSS Version 3.x: HIGH 7.8

Status

OS name              Project name  Version  Score  Severity  Status    Errata                Last updated         Statement
AlmaLinux 9.2 ESU    kernel        5.14.0   7.8    HIGH      Released  CLSA-2025:1758034087  2025-09-12 21:34:04  Released as 5.14.0-284.1101.el9_2.tuxcare.7.els18
CentOS 6 ELS         kernel        2.6.32   7.8    HIGH      Released  CLSA-2025:1761139764  2025-11-10 18:47:42
CentOS 7 ELS         kernel        3.10.0   7.8    HIGH      Released  CLSA-2025:1759431860  2025-10-15 22:58:02
CentOS 8.4 ELS       kernel        4.18.0   7.8    HIGH      Released  CLSA-2024:1727690947  2024-09-30 10:47:42
CentOS 8.5 ELS       kernel        4.18.0   7.8    HIGH      Released  CLSA-2024:1727690025  2024-09-30 10:47:43
CentOS Stream 8 ELS  kernel        4.18.0   7.8    HIGH      Released  CLSA-2024:1727815919  2024-10-01 17:28:06
CloudLinux 6 ELS     kernel        2.6.32   7.8    HIGH      Ignored   -                     2025-09-23 10:22:00  Postponed until request or high risk detected
CloudLinux 7 ELS     kernel        3.10.0   7.8    HIGH      Ignored   -                     2025-09-23 10:21:58  Postponed until request or high risk detected
Oracle Linux 6 ELS   kernel        2.6.32   7.8    HIGH      Released  CLSA-2025:1761074747  2025-10-21 21:31:15
Oracle Linux 7 ELS   kernel        3.10.0   7.8    HIGH      Released  CLSA-2025:1759431869  2025-10-02 23:03:57

Total: 15