Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2022-48791
HistoryJul 16, 2024 - 11:43 a.m.

CVE-2022-48791 scsi: pm8001: Fix use-after-free for aborted TMF sas_task

2024-07-1611:43:47
Linux
www.cve.org
6
linux kernel
use-after-free
sas_task
pm8001
vulnerability fix

EPSS

0

Percentile

5.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

scsi: pm8001: Fix use-after-free for aborted TMF sas_task

Currently a use-after-free may occur if a TMF sas_task is aborted before we
handle the IO completion in mpi_ssp_completion(). The abort occurs due to
timeout.

When the timeout occurs, the SAS_TASK_STATE_ABORTED flag is set and the
sas_task is freed in pm8001_exec_internal_tmf_task().

However, if the I/O completion occurs later, the I/O completion still
thinks that the sas_task is available. Fix this by clearing the ccb->task
if the TMF times out - the I/O completion handler does nothing if this
pointer is cleared.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/scsi/pm8001/pm8001_sas.c"
    ],
    "versions": [
      {
        "version": "1da177e4c3f4",
        "lessThan": "d872e7b5fe38",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "3c334cdfd949",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "510b21442c3a",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "61f162aa4381",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/scsi/pm8001/pm8001_sas.c"
    ],
    "versions": [
      {
        "version": "5.10.102",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.25",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16.11",
        "lessThanOrEqual": "5.16.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.17",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

ubuntucve 1
vulnrichment 1
redhatcve 1
nvd 1
cve 1
debiancve 1
osv 1
redos 1
nessus 5
openvas 1
ubuntucve
ubuntucve
CVE-2022-48791
2024-07-16 00:00:00
vulnrichment
vulnrichment
CVE-2022-48791 scsi: pm8001: Fix use-after-free for aborted TMF sas_task
2024-07-16 11:43:47
redhatcve
redhatcve
CVE-2022-48791
2024-07-16 22:59:00
nvd
nvd
CVE-2022-48791
2024-07-16 12:15:03
cve
cve
CVE-2022-48791
2024-07-16 12:15:03
debiancve
debiancve
CVE-2022-48791
2024-07-16 12:15:03
osv
osv
CVE-2022-48791
2024-07-16 12:15:03
redos
redos
ROS-20240816-12
2024-08-16 00:00:00
nessus
nessus
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:3249-1)
2024-09-17 00:00:00
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2929-1)
2024-08-16 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2894-1)
2024-08-14 00:00:00
openvas
openvas
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:2947-1)
2024-08-20 00:00:00

EPSS

0

Percentile

5.0%

JSON
Related for CVELIST:CVE-2022-48791
ubuntucve1vulnrichment1redhatcve1nvd1cve1debiancve1osv1redos1nessus5openvas1