Linux Kernel lpfc SCSI Driver BIOS Version Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's lpfc SCSI driver has been addressed. The issue arose from the improper use of string handling functions, which led to a system panic. The original implementation used 'strlcat()', and with FORTIFY support enabled the call raised a false alarm about a potential buffer overflow even though the correct buffer size was provided. The affected BIOSVersion string is logged by 'lpfc_printf_log()', which requires a properly terminated string. The fix replaces 'strlcat()' with 'memcpy()' and ensures correct buffer management and null termination.
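
The replacement pattern described above, as an added user-space illustration rather than the driver's own code: a bounded memcpy() followed by explicit termination always yields a string that is safe to log, even when the source field carries no NUL. The function names, buffer sizes and sample inputs are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sizes for this demonstration; not taken from the driver. */
#define FW_FIELD_LEN    16  /* fixed-width field, may lack a terminator */
#define VERSION_BUF_LEN 16  /* buffer that is later logged with %s */

/*
 * Copy a fixed-width field into dst and guarantee dst is a C string.
 * memcpy() never reads past the length it is given, so src needs no
 * terminator. Returns the length of the resulting string.
 */
size_t copy_version_field(char *dst, size_t dst_len,
                          const void *src, size_t src_len)
{
    size_t n;

    if (dst_len == 0)
        return 0;
    n = src_len < dst_len - 1 ? src_len : dst_len - 1;
    memcpy(dst, src, n);
    memset(dst + n, 0, dst_len - n);   /* terminate and clear stale bytes */
    return (size_t)((char *)memchr(dst, '\0', dst_len) - dst);
}

/* Constructed input: every byte of the field is used, no NUL present. */
size_t demo_full_field(char *dst, size_t dst_len)
{
    char field[FW_FIELD_LEN];
    memset(field, 'A', sizeof(field));
    return copy_version_field(dst, dst_len, field, sizeof(field));
}

/* Constructed input: short version string padded with NUL bytes. */
size_t demo_padded_field(char *dst, size_t dst_len)
{
    char field[FW_FIELD_LEN] = "1.2.3";
    return copy_version_field(dst, dst_len, field, sizeof(field));
}

int main(void)
{
    char ver[VERSION_BUF_LEN];
    printf("full:   %zu \"%s\"\n", demo_full_field(ver, sizeof(ver)), ver);
    printf("padded: %zu \"%s\"\n", demo_padded_field(ver, sizeof(ver)), ver);
    return 0;
}
```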

Impact

Exploitation of this vulnerability could lead to a system panic, causing a denial of service by interrupting normal operations and potentially requiring a manual reset to restore functionality.

Added: Jul 10, 2025, 11:13 AM
Updated: Jul 10, 2025, 11:13 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.3
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.