{"id":"CVE-2024-40901","summary":"scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory\n\nThere is a potential out-of-bounds access when using test_bit() on a single\nword. The test_bit() and set_bit() functions operate on long values, and\nwhen testing or setting a single word, they can exceed the word\nboundary. KASAN detects this issue and produces a dump:\n\n\t BUG: KASAN: slab-out-of-bounds in _scsih_add_device.constprop.0 (./arch/x86/include/asm/bitops.h:60 ./include/asm-generic/bitops/instrumented-atomic.h:29 drivers/scsi/mpt3sas/mpt3sas_scsih.c:7331) mpt3sas\n\n\t Write of size 8 at addr ffff8881d26e3c60 by task kworker/u1536:2/2965\n\nFor full log, please look at [1].\n\nMake the allocation at least the size of sizeof(unsigned long) so that\nset_bit() and test_bit() have sufficient room for read/write operations\nwithout overwriting unallocated memory.\n\n[1] Link: https://lore.kernel.org/all/ZkNcALr3W3KGYYJG@gmail.com/","modified":"2026-04-02T12:17:18.605506Z","published":"2024-07-12T12:20:42.859Z","related":["ALSA-2024:7000","ALSA-2024:7001","SUSE-SU-2024:2802-1","SUSE-SU-2024:2892-1","SUSE-SU-2024:2894-1","SUSE-SU-2024:2896-1","SUSE-SU-2024:2901-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2940-1","SUSE-SU-2024:2947-1","SUSE-SU-2024:2973-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/40xxx/CVE-2024-40901.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0081d2b3ae0a17a86b8cc0fa3c8bdc54e233ba16"},{"type":"WEB","url":"https://git.kernel.org/stable/c/18abb5db0aa9b2d48f7037a88b41af2eef821674"},{"type":"WEB","url":"https://git.kernel.org/stable/c/19649e49a6df07cd2e03e0a11396fd3a99485ec2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4254dfeda82f20844299dca6c38cbffcfd499f41"},{"type":"WEB","url":"https://git.kernel.org/stable/c/46bab2bcd771e725ff5ca3a68ba68cfeac45676c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/521f333e644c4246ca04a4fc4772edc53dd2a801"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9079338c5a0d1f1fee34fb1c9e99b754efe414c5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e9bce7c751f6d6c7be88c0bc081a66aaf61a23ee"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/40xxx/CVE-2024-40901.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40901"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c696f7b83edeac804e898952058089143f49ca0a"},{"fixed":"e9bce7c751f6d6c7be88c0bc081a66aaf61a23ee"},{"fixed":"19649e49a6df07cd2e03e0a11396fd3a99485ec2"},{"fixed":"0081d2b3ae0a17a86b8cc0fa3c8bdc54e233ba16"},{"fixed":"521f333e644c4246ca04a4fc4772edc53dd2a801"},{"fixed":"46bab2bcd771e725ff5ca3a68ba68cfeac45676c"},{"fixed":"9079338c5a0d1f1fee34fb1c9e99b754efe414c5"},{"fixed":"18abb5db0aa9b2d48f7037a88b41af2eef821674"},{"fixed":"4254dfeda82f20844299dca6c38cbffcfd499f41"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40901.json"}}],"schema_version":"1.7.5"}