CVE-2024-47682 in Linux

Summary

by MITRE • 10/21/2024

In the Linux kernel, the following vulnerability has been resolved:

scsi: sd: Fix off-by-one error in sd_read_block_characteristics()

If the device returns page 0xb1 with length 8 (happens with qemu v2.x, for example), sd_read_block_characteristics() may attempt an out-of-bounds memory access when accessing the zoned field at offset 8.


Analysis

by VulDB Data Team • 01/19/2026

The vulnerability identified as CVE-2024-47682 represents a critical memory access flaw within the Linux kernel's SCSI subsystem, specifically affecting the sd_read_block_characteristics() function. This issue manifests when handling SCSI device responses to block characteristics queries, creating a potential pathway for memory corruption and system instability. The vulnerability is particularly concerning because it involves an off-by-one error that can lead to unauthorized memory access patterns, making it a prime target for exploitation by malicious actors seeking to compromise system integrity.

The technical flaw stems from improper bounds checking within the SCSI disk driver implementation where the function sd_read_block_characteristics() fails to validate the actual length of data returned by SCSI devices. When a device responds with page 0xb1 containing exactly 8 bytes of data, the function attempts to access memory beyond the allocated buffer boundaries at offset 8, which corresponds to the zoned field location. This memory access violation occurs because the code assumes a minimum buffer size that exceeds the actual data returned by certain virtualization environments, particularly qemu version 2.x, which is widely used in cloud and containerized deployments.

The operational impact of this vulnerability extends beyond simple memory corruption, as it can lead to system crashes, data integrity issues, and potential privilege escalation opportunities within the kernel space. Attackers exploiting this flaw could cause denial of service conditions by triggering kernel panics or more severe consequences through carefully crafted SCSI commands that manipulate the buffer boundaries. The vulnerability affects systems running Linux kernel versions that include the affected SCSI disk driver code, making it particularly relevant for cloud infrastructure, virtualization platforms, and enterprise storage environments where SCSI devices are commonly used.

This vulnerability maps directly to CWE-129, which addresses improper validation of array index bounds, and aligns with ATT&CK technique T1068, which involves exploiting local privileges to gain system-level access. The flaw demonstrates how seemingly minor implementation errors in kernel drivers can create significant security risks, particularly when dealing with virtualized environments where device emulation may not fully comply with expected data formats. Organizations should prioritize patching this vulnerability immediately, as it represents a classic example of how memory safety issues in kernel code can provide attackers with direct pathways to system compromise. The recommended mitigation involves updating to the patched kernel version that properly validates buffer boundaries before accessing SCSI device response data, ensuring that all buffer accesses respect the actual length of returned data rather than assuming minimum required sizes.
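To make the off-by-one concrete, the following is an added illustration (not the kernel's code and not taken from the advisory): a minimal model of the page 0xb1 length check, with the pre-fix condition beside the corrected one, run against a constructed 8-byte page of the kind the summary attributes to qemu v2.x and a constructed full-length page. The struct, function names and sample bytes are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* Simplified model of the Block Device Characteristics VPD page (0xb1) as a
 * driver sees it: the raw page bytes plus the number of bytes the device
 * actually returned. Illustrative code, not the kernel's own structures. */
struct vpd_page {
    const uint8_t *data;
    size_t len;
};

/* Length check as written before the fix: len == 8 passes, yet byte 8 is
 * then read, one past the last valid index (7). */
bool check_before_fix(size_t len) { return !(len < 8); }

/* Corrected check: byte 8 exists only when at least 9 bytes came back. */
bool check_after_fix(size_t len) { return !(len <= 8); }

/* Returns the ZONED field (byte 8, bits 5:4) or -1 when the page is too
 * short to contain it, so a short page is never indexed out of bounds. */
int read_zoned_field(const struct vpd_page *vpd)
{
    if (!check_after_fix(vpd->len))
        return -1;
    return (vpd->data[8] >> 4) & 0x3;
}

/* Constructed sample pages. The 8-byte one mirrors the short response the
 * advisory attributes to qemu v2.x: 4-byte VPD header plus 4 payload bytes. */
static const uint8_t short_page[8] = { 0x00, 0xb1, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00 };
static const uint8_t full_page[64] = { 0x00, 0xb1, 0x00, 0x3c, 0x00, 0x01, 0x00, 0x00,
                                       [8] = 0x10 /* ZONED = 01b */ };

int zoned_of_short_page(void)
{
    struct vpd_page vpd = { short_page, sizeof short_page };
    return read_zoned_field(&vpd);   /* -1: rejected instead of reading past the end */
}

int zoned_of_full_page(void)
{
    struct vpd_page vpd = { full_page, sizeof full_page };
    return read_zoned_field(&vpd);   /* 1 */
}
```

With the old condition an 8-byte page is accepted and byte 8 is read one past the buffer; with the corrected condition the same page is rejected before any access.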

Responsible: Linux

Reservation: 09/30/2024

Disclosure: 10/21/2024

Moderation: accepted

CPE: ready

EPSS: 0.00231

KEV: no

Activities: very low
