CVE-2024-42288 - Vulnerability Details - OpenCVE

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix for possible memory corruption

Init Control Block is dereferenced incorrectly. Correctly dereference ICB

Published: 2024-08-17

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

Linux

unaffected

Version	Status	Constraints
`0645cb8350cdb60bfbf91caa722984b81c215add`	affected	< dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb
`0645cb8350cdb60bfbf91caa722984b81c215add`	affected	< 87db8d7b7520e99de71791260989f06f9c94953d
`0645cb8350cdb60bfbf91caa722984b81c215add`	affected	< b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce
`0645cb8350cdb60bfbf91caa722984b81c215add`	affected	< 2a15b59a2c5afac89696e44acf5bbfc0599c6c5e
`0645cb8350cdb60bfbf91caa722984b81c215add`	affected	< 571d7f2a08836698c2fb0d792236424575b9829b
`0645cb8350cdb60bfbf91caa722984b81c215add`	affected	< 8192c533e89d9fb69b2490398939236b78cda79b
`0645cb8350cdb60bfbf91caa722984b81c215add`	affected	< c03d740152f78e86945a75b2ad541bf972fab92a

Linux

Linux

affected

Version	Status	Constraints
`4.20`	affected	—
`0`	unaffected	< 4.20
`5.4.282`	unaffected	≤ 5.4.*
`5.10.224`	unaffected	≤ 5.10.*
`5.15.165`	unaffected	≤ 5.15.*
`6.1.103`	unaffected	≤ 6.1.*
`6.6.44`	unaffected	≤ 6.6.*
`6.10.3`	unaffected	≤ 6.10.*
`6.11`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-3912-1	linux security update
Debian DLA	DLA-4008-1	linux-6.1 security update
Ubuntu USN	USN-7088-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7088-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7088-3	Linux kernel vulnerabilities
Ubuntu USN	USN-7088-4	Linux kernel vulnerabilities
Ubuntu USN	USN-7088-5	Linux kernel vulnerabilities
Ubuntu USN	USN-7100-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7100-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7119-1	Linux kernel (IoT) vulnerabilities
Ubuntu USN	USN-7123-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7144-1	Linux kernel (Intel IoTG) vulnerabilities
Ubuntu USN	USN-7154-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7155-1	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-7156-1	Linux kernel (GKE) vulnerabilities
Ubuntu USN	USN-7154-2	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-7194-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7196-1	Linux kernel (Azure) vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0001.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://git.kernel.org/stable/c/2a15b59a2c5afac89696e44acf5bbfc0599c6c5e
https://git.kernel.org/stable/c/571d7f2a08836698c2fb0d792236424575b9829b
https://git.kernel.org/stable/c/8192c533e89d9fb69b2490398939236b78cda79b
https://git.kernel.org/stable/c/87db8d7b7520e99de71791260989f06f9c94953d
https://git.kernel.org/stable/c/b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce
https://git.kernel.org/stable/c/c03d740152f78e86945a75b2ad541bf972fab92a
https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb
https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42288-c59b@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-42288
https://www.cve.org/CVERecord?id=CVE-2024-42288

History

Mon, 03 Nov 2025 22:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Thu, 19 Sep 2024 23:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-20

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 05 Sep 2024 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-787
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel

Mon, 19 Aug 2024 19:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024081745-CVE-2024-42288-c59b@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-42288 https://www.cve.org/CVERecord?id=CVE-2024-42288
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Mon, 19 Aug 2024 04:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/87db8d7b7520e99de71791260989f06f9c94953d https://git.kernel.org/stable/c/b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb

Sat, 17 Aug 2024 09:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix for possible memory corruption Init Control Block is dereferenced incorrectly. Correctly dereference ICB
Title		scsi: qla2xxx: Fix for possible memory corruption
References		https://git.kernel.org/stable/c/2a15b59a2c5afac89696e44acf5bbfc0599c6c5e https://git.kernel.org/stable/c/571d7f2a08836698c2fb0d792236424575b9829b https://git.kernel.org/stable/c/8192c533e89d9fb69b2490398939236b78cda79b https://git.kernel.org/stable/c/c03d740152f78e86945a75b2ad541bf972fab92a

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-08-17T09:08:53.466Z

Updated: 2026-05-11T20:29:28.375Z

Reserved: 2024-07-30T07:40:12.262Z

Link: CVE-2024-42288

Vulnrichment

Updated: 2025-11-03T22:03:40.875Z

NVD

Status : Modified

Published: 2024-08-17T09:15:09.523

Modified: 2025-11-03T22:17:56.050

Link: CVE-2024-42288

Redhat

Severity : Moderate

Publid Date: 2024-08-17T00:00:00Z

Links: CVE-2024-42288 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-42288", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-30T07:40:12.262Z", "datePublished": "2024-08-17T09:08:53.466Z", "dateUpdated": "2026-05-11T20:29:28.375Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T20:29:28.375Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix for possible memory corruption\n\nInit Control Block is dereferenced incorrectly. Correctly dereference ICB"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/qla2xxx/qla_os.c"], "versions": [{"version": "0645cb8350cdb60bfbf91caa722984b81c215add", "lessThan": "dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb", "status": "affected", "versionType": "git"}, {"version": "0645cb8350cdb60bfbf91caa722984b81c215add", "lessThan": "87db8d7b7520e99de71791260989f06f9c94953d", "status": "affected", "versionType": "git"}, {"version": "0645cb8350cdb60bfbf91caa722984b81c215add", "lessThan": "b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce", "status": "affected", "versionType": "git"}, {"version": "0645cb8350cdb60bfbf91caa722984b81c215add", "lessThan": "2a15b59a2c5afac89696e44acf5bbfc0599c6c5e", "status": "affected", "versionType": "git"}, {"version": "0645cb8350cdb60bfbf91caa722984b81c215add", "lessThan": "571d7f2a08836698c2fb0d792236424575b9829b", "status": "affected", "versionType": "git"}, {"version": "0645cb8350cdb60bfbf91caa722984b81c215add", "lessThan": "8192c533e89d9fb69b2490398939236b78cda79b", "status": "affected", "versionType": "git"}, {"version": "0645cb8350cdb60bfbf91caa722984b81c215add", "lessThan": "c03d740152f78e86945a75b2ad541bf972fab92a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/qla2xxx/qla_os.c"], "versions": [{"version": "4.20", "status": "affected"}, {"version": "0", "lessThan": "4.20", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.282", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.224", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.165", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.103", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.44", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.3", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "5.4.282"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "5.10.224"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "5.15.165"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "6.1.103"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "6.6.44"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "6.10.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "6.11"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb"}, {"url": "https://git.kernel.org/stable/c/87db8d7b7520e99de71791260989f06f9c94953d"}, {"url": "https://git.kernel.org/stable/c/b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce"}, {"url": "https://git.kernel.org/stable/c/2a15b59a2c5afac89696e44acf5bbfc0599c6c5e"}, {"url": "https://git.kernel.org/stable/c/571d7f2a08836698c2fb0d792236424575b9829b"}, {"url": "https://git.kernel.org/stable/c/8192c533e89d9fb69b2490398939236b78cda79b"}, {"url": "https://git.kernel.org/stable/c/c03d740152f78e86945a75b2ad541bf972fab92a"}], "title": "scsi: qla2xxx: Fix for possible memory corruption", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42288", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:11:13.401777Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:30.047Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:03:40.875Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:03:40.875Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42288", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:11:13.401777Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:23.720Z"}}], "cna": {"title": "scsi: qla2xxx: Fix for possible memory corruption", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "0645cb8350cdb60bfbf91caa722984b81c215add", "lessThan": "dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb", "versionType": "git"}, {"status": "affected", "version": "0645cb8350cdb60bfbf91caa722984b81c215add", "lessThan": "87db8d7b7520e99de71791260989f06f9c94953d", "versionType": "git"}, {"status": "affected", "version": "0645cb8350cdb60bfbf91caa722984b81c215add", "lessThan": "b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce", "versionType": "git"}, {"status": "affected", "version": "0645cb8350cdb60bfbf91caa722984b81c215add", "lessThan": "2a15b59a2c5afac89696e44acf5bbfc0599c6c5e", "versionType": "git"}, {"status": "affected", "version": "0645cb8350cdb60bfbf91caa722984b81c215add", "lessThan": "571d7f2a08836698c2fb0d792236424575b9829b", "versionType": "git"}, {"status": "affected", "version": "0645cb8350cdb60bfbf91caa722984b81c215add", "lessThan": "8192c533e89d9fb69b2490398939236b78cda79b", "versionType": "git"}, {"status": "affected", "version": "0645cb8350cdb60bfbf91caa722984b81c215add", "lessThan": "c03d740152f78e86945a75b2ad541bf972fab92a", "versionType": "git"}], "programFiles": ["drivers/scsi/qla2xxx/qla_os.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.20"}, {"status": "unaffected", "version": "0", "lessThan": "4.20", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.282", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.224", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.165", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.103", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.44", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.3", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/scsi/qla2xxx/qla_os.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb"}, {"url": "https://git.kernel.org/stable/c/87db8d7b7520e99de71791260989f06f9c94953d"}, {"url": "https://git.kernel.org/stable/c/b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce"}, {"url": "https://git.kernel.org/stable/c/2a15b59a2c5afac89696e44acf5bbfc0599c6c5e"}, {"url": "https://git.kernel.org/stable/c/571d7f2a08836698c2fb0d792236424575b9829b"}, {"url": "https://git.kernel.org/stable/c/8192c533e89d9fb69b2490398939236b78cda79b"}, {"url": "https://git.kernel.org/stable/c/c03d740152f78e86945a75b2ad541bf972fab92a"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix for possible memory corruption\n\nInit Control Block is dereferenced incorrectly. Correctly dereference ICB"}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.282", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.224", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.165", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.103", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.44", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10.3", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.11", "versionStartIncluding": "4.20"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-01-05T10:52:12.919Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42288", "state": "PUBLISHED", "dateUpdated": "2026-01-05T10:52:12.919Z", "dateReserved": "2024-07-30T07:40:12.262Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-17T09:08:53.466Z", "assignerShortName": "Linux"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B9D49AA-E82F-497B-A047-F07DF6F16995", "versionEndExcluding": "5.4.282", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CCEDF13-293D-4E64-B501-4409D0365AFE", "versionEndExcluding": "5.10.224", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4E2B568-3171-41DE-B519-F2B1A3600D94", "versionEndExcluding": "5.15.165", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E45EAC72-8329-4F99-8276-86AF9BB3496A", "versionEndExcluding": "6.1.103", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC912330-6B41-4C6B-99AF-F3857FBACB6A", "versionEndExcluding": "6.6.44", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D", "versionEndExcluding": "6.10.3", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix for possible memory corruption\n\nInit Control Block is dereferenced incorrectly. Correctly dereference ICB"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: Correcci\u00f3n de posible corrupci\u00f3n de la memoria Init Control Block est\u00e1 desreferenciada incorrectamente. Desreferenciar correctamente ICB"}], "id": "CVE-2024-42288", "lastModified": "2025-11-03T22:17:56.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-17T09:15:09.523", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2a15b59a2c5afac89696e44acf5bbfc0599c6c5e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/571d7f2a08836698c2fb0d792236424575b9829b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8192c533e89d9fb69b2490398939236b78cda79b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/87db8d7b7520e99de71791260989f06f9c94953d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c03d740152f78e86945a75b2ad541bf972fab92a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}