LiveActive security incident?Get immediate response
CVE Record

CVE-2024-40978: scsi: qedi: Fix crash while reading debugfs attribute

In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly on a __user pointer, which results into the crash. To fix this issue, use a small local stack buffer for sprintf() and then call simple_read_from_buffer(), which in turns make the copy_to_user() call. BUG: unable to handle page fault for address: 00007f4801111000 PGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0 Oops: 0002 [#1] PREEMPT SMP PTI Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023 RIP: 0010:memcpy_orig+0xcd/0x130 RSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202 RAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f RDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000 RBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572 R10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff R13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af FS: 00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die_body+0x1a/0x60 ? page_fault_oops+0x183/0x510 ? exc_page_fault+0x69/0x150 ? asm_exc_page_fault+0x22/0x30 ? memcpy_orig+0xcd/0x130 vsnprintf+0x102/0x4c0 sprintf+0x51/0x80 qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324] full_proxy_read+0x50/0x80 vfs_read+0xa5/0x2e0 ? folio_add_new_anon_rmap+0x44/0xa0 ? set_pte_at+0x15/0x30 ? do_pte_missing+0x426/0x7f0 ksys_read+0xa5/0xe0 do_syscall_64+0x58/0x80 ? __count_memcg_events+0x46/0x90 ? count_memcg_event_mm+0x3d/0x60 ? handle_mm_fault+0x196/0x2f0 ? do_user_addr_fault+0x267/0x890 ? exc_page_fault+0x69/0x150 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f4800f20b4d

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2024-40978 is a Linux kernel crash bug in the qedi SCSI driver. Reading a specific debugfs attribute can trigger a page fault because kernel code writes formatted output directly to a user pointer. The documented impact is system instability or denial of service, not data theft or remote compromise.

Executive priority

Treat this as a targeted kernel stability risk. Prioritize servers and appliances using the qedi driver, especially where debugfs is accessible to non-core administrators. It is below urgent remote-code-execution issues unless your environment depends on affected qedi systems.

Technical view

qedi_dbg_do_not_recover_cmd_read() called sprintf() on a __user pointer. The fix formats into a small local stack buffer, then uses simple_read_from_buffer() so copy_to_user() handles the user-space copy. The CVE record lists affected Linux kernel versions and multiple stable kernel fix commits.

Likely exposure

Exposure is most likely on Linux systems running affected kernels with the qedi driver present and the relevant debugfs attribute reachable. Appliances or distributions embedding affected kernels may also inherit exposure. The sources do not prove internet-facing remote exposure.

Exploitation context

The source bundle does not cite active exploitation, public exploit code, or KEV inclusion. The reported trigger is reading a debugfs attribute, so realistic abuse depends on local access, debugfs availability, permissions, and whether qedi is loaded.

Researcher notes

Evidence supports a kernel crash path, not privilege escalation or remote execution. The affected-version data is kernel-centric and distribution backports may differ. Validation should focus on driver presence, debugfs permissions, and vendor package status rather than only upstream version strings.

Mitigation direction

  • Update to a kernel containing the relevant stable qedi fix commit.
  • Check Linux distribution advisories for the exact fixed package version.
  • Limit debugfs access to trusted administrators where operationally possible.
  • Unload or disable unused qedi functionality if vendor guidance supports it.
  • For Siemens products, follow the referenced Siemens ProductCERT advisories.

Validation and detection

  • Inventory systems running Linux kernels in the affected version ranges.
  • Check whether the qedi driver is present or loaded.
  • Confirm whether debugfs is mounted and who can read qedi entries.
  • Verify installed kernel packages include the stable fix for CVE-2024-40978.
  • Review Debian and Siemens advisories if those platforms are in scope.
Prepared
Confidence
medium
Sources
9

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-40978 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
3ADP providers
12Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
CISA-ADPCISA ADP Vulnrichment
other:ssvc
siemens-SADPADP container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxace7f46ba5fde7273207c7122b0650ceb72510e0, ace7f46ba5fde7273207c7122b0650ceb72510e0, ace7f46ba5fde7273207c7122b0650ceb72510e0, ace7f46ba5fde7273207c7122b0650ceb72510e0, ace7f46ba5fde7273207c7122b0650ceb72510e0, ace7f46ba5fde7273207c7122b0650ceb72510e0, ace7f46ba5fde7273207c7122b0650ceb72510e0, ace7f46ba5fde7273207c7122b0650ceb72510e0unaffected
LinuxLinux4.10, 0, 4.19.317, 5.4.279, 5.10.221, 5.15.162, 6.1.96, 6.6.36, 6.9.7, 6.10affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.