CVE-2022-48791

Updated: 2024-08-10 06:05:30.148312

Description:

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sas_task Currently a use-after-free may occur if a TMF sas_task is aborted before we handle the IO completion in mpi_ssp_completion(). The abort occurs due to timeout. When the timeout occurs, the SAS_TASK_STATE_ABORTED flag is set and the sas_task is freed in pm8001_exec_internal_tmf_task(). However, if the I/O completion occurs later, the I/O completion still thinks that the sas_task is available. Fix this by clearing the ccb->task if the TMF times out - the I/O completion handler does nothing if this pointer is cleared.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 6 ELS kernel 2.6.32 7.8 HIGH In Rollout CLSA-2024:1726655093 2024-09-18 12:28:50
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Not Vulnerable 2024-08-22 14:27:58
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Not Vulnerable 2024-08-22 14:27:58
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Needs Triage 2024-08-10 08:05:29
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2024:1726609578 2024-09-17 22:41:46
Ubuntu 16.04 ELS linux 4.4.0 7.8 HIGH Released CLSA-2024:1723494706 2024-08-12 17:24:50
Ubuntu 16.04 ELS linux-hwe 4.15.0 7.8 HIGH Released CLSA-2024:1723622106 2024-08-14 08:18:04
Ubuntu 18.04 ELS linux 4.15.0 7.8 HIGH Released CLSA-2024:1723622576 2024-08-14 08:15:17