CVE-2026-46105

Linux · kernel

An improper NVMe request size limitation in the Linux kernel's mpt3sas SCSI driver could lead to firmware-related issues or potential buffer overflows.

Executive summary

A high-severity flaw in the mpt3sas driver's handling of NVMe request sizes could lead to buffer overflows or system instability when communicating with HBA hardware.

Vulnerability

The vulnerability exists in the mpt3sas driver, which failed to adequately limit NVMe request sizes according to the HBA firmware's MDTS (Maximum Data Transfer Size) capabilities. This oversight can lead to requests that exceed the hardware's capacity, causing unpredictable behavior or potential buffer overflows.

Business impact

A CVSS score of 7.8 highlights the risk posed by this driver flaw. Successful exploitation could lead to system crashes or potentially allow an attacker to corrupt kernel memory through interaction with the HBA hardware, impacting both data integrity and system availability.

Remediation

Immediate Action: Update to a kernel version that correctly enforces the 2 MiB limit for NVMe requests within the mpt3sas driver.

Proactive Monitoring: Check logs for hardware-related error messages or firmware communication errors during high I/O workloads.

Compensating Controls: Ensure firmware for all HBA devices is up to date, as this can sometimes provide additional safeguards against large I/O requests.
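
One way to review the limit on a running host, as an added example that is not part of the advisory or the kernel project: the script lists disks attached to mpt3sas controllers whose block-queue limit max_hw_sectors_kb is above 2 MiB. It assumes the driver's limit is visible through that sysfs attribute, which the advisory does not state; the function name and output format are illustrative.

```shell
#!/bin/sh
# Added example: report mpt3sas-attached disks whose hardware transfer
# limit exceeds the 2 MiB figure given in the advisory.
# Assumption: the driver's NVMe limit is reflected in max_hw_sectors_kb.
LIMIT_KB=2048   # 2 MiB expressed in KiB

# mpt3sas_over_limit [SYSFS_ROOT]
# Prints one line per candidate: "<disk> <scsi host> <vendor> <limit KiB>".
# SAS/SATA disks on the same controller can be listed too; the vendor
# column is printed so they can be told apart during review.
mpt3sas_over_limit() {
    root="${1:-/sys}"
    for q in "$root"/block/*/queue/max_hw_sectors_kb; do
        [ -r "$q" ] || continue
        blk="${q%/queue/max_hw_sectors_kb}"
        dev="${blk##*/}"
        # SCSI disks resolve to a path that contains a hostN component.
        path=$(readlink -f "$blk/device" 2>/dev/null) || continue
        host=$(printf '%s\n' "$path" | tr '/' '\n' |
               grep -E '^host[0-9]+$' | head -n 1)
        [ -n "$host" ] || continue
        # proc_name carries the name of the driver that owns the SCSI host.
        pn="$root/class/scsi_host/$host/proc_name"
        [ -r "$pn" ] || continue
        [ "$(cat "$pn")" = "mpt3sas" ] || continue
        kb=$(cat "$q")
        case "$kb" in ''|*[!0-9]*) continue ;; esac   # skip non-numeric values
        [ "$kb" -gt "$LIMIT_KB" ] || continue
        vendor=$(cat "$blk/device/vendor" 2>/dev/null | tr -d ' \n')
        printf '%s %s %s %s\n' "$dev" "$host" "${vendor:-unknown}" "$kb"
    done
}

# With no argument the live /sys tree is inspected.
mpt3sas_over_limit "$@"
```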

Exploitation status

Public Exploit Available: false

Analyst recommendation

Driver-level vulnerabilities can often be exploited if an attacker has the ability to trigger specific I/O patterns. Organizations using mpt3sas controllers should prioritize patching to ensure that hardware communication remains within safe, validated bounds.