Lucene search
K

42 matches found

OSV
OSV
added 2022/11/14 7:1 p.m.13 views

GSD-2022-1007059 scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()

scsi: libsas: Fix use-after-free bug in smpexecutetasksg This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit...

7.2AI score
Exploits0
Oracle linux
Oracle linux
added 2021/07/16 12:0 a.m.525 views

Unbreakable Enterprise kernel-container security update

5.4.17-2102.203.5 - rds/ib: move rdsibclearirqmiss to .h file Manjunath Patil Orabug: 33044344 5.4.17-2102.203.4 - rds/ib: recover rds connection from interrupt loss scenario Manjunath Patil Orabug: 32974199 - Revert 'Allow mce to reset instead of panic on UE' William Roche Orabug: 32820275 - bpf...

7.8CVSS0.1AI score0.03259EPSS
Exploits6
RedHat Linux
RedHat Linux
added 2020/09/29 10:31 p.m.5 views

kernel: Memory leak in drivers/scsi/libsas/sas_expander.c

A memory leak flaw was found in the Linux kernel. An error in the resource cleanup of the sasexdiscoverexpander function can allow an attacker to induce error conditions that could crash the system. The highest threat from this vulnerability is to system availability...

4.7CVSS7.1AI score0.00405EPSS
Exploits0References4
Amazon
Amazon
added 2020/08/24 12:0 a.m.64 views

Important: kernel

Issue Overview: The Serial Attached SCSI SAS implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service deadlock by triggering certain error-handling code. CVE-2017-18232 The xfsbmapextentstobtree function in fs/xfs/libxfs/xfsbmap.c i...

7.8CVSS5.9AI score0.04433EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2020/04/06 11:5 a.m.48 views

CVE-2019-19965

A NULL pointer dereference flaw was found in the Linux kernel’s SCSI disk subsystem. A local user could use this flaw to crash the system, causing a denial of service. Mitigation To mitigate this issue, prevent module libsas from being loaded. Please see for how to blacklist a kernel module to...

4.7CVSS1.2AI score0.00654EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2020/02/21 8:3 a.m.45 views

CVE-2018-10021

The code in the drivers/scsi/libsas/sasscsihost.c file in the Linux kernel allow a physically proximate attacker to cause a memory leak in the ATA command queue and, thus, denial of service by triggering certain failure conditions...

5.5CVSS3.8AI score0.00466EPSS
Exploits2References1
Oracle linux
Oracle linux
added 2020/01/15 12:0 a.m.110 views

Unbreakable Enterprise kernel security update

kernel-uek 3.8.13-118.42.1 - scsi: libsas: delete sas port if expander discover failed Jason Yan Orabug: 30580688 CVE-2019-15807...

4.7CVSS1.4AI score0.00405EPSS
Exploits0
Oracle linux
Oracle linux
added 2020/01/15 12:0 a.m.100 views

Unbreakable Enterprise kernel security update

2.6.39-400.318.1 - x86/speculation: Determine swapgs before alternative instructions are set Patrick Colp Orabug: 30379640 - scsi: libsas: delete sas port if expander discover failed Jason Yan Orabug: 30580689 CVE-2019-15807...

4.7CVSS1.7AI score0.00405EPSS
Exploits0
CNVD
CNVD
added 2019/08/30 12:0 a.m.1 views

Linux kernel memory leak vulnerability (CNVD-2019-32349)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A memory disclosure vulnerability exists in the drivers/scsi/libsas/sasexpander.c file in Linux kernel versions prior to 5.1.13. An attacker could exploit this...

4.7CVSS7.2AI score0.00405EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/08/14 12:0 a.m.58 views

Debian DLA-1884-1 : linux security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-18509 Denis Andzakovic reported a missing type check in the IPv4 multicast routing implementation. A user with the CAPNETADMIN capability in a...

9.3CVSS7.4AI score0.05111EPSS
Exploits6References11
Tenable Nessus
Tenable Nessus
added 2019/06/07 12:0 a.m.44 views

OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0024)

The remote OracleVM system is missing necessary patches to address critical security updates : - hugetlbfs: don't retry when pool page allocations start to fail Mike Kravetz Orabug: 29324267 - x86/speculation: RSB stuffing with retpoline on Skylake+ cpus William Roche Orabug: 29660924 -...

9.3CVSS6.8AI score0.08743EPSS
Exploits3References9
OSV
OSV
added 2019/05/07 2:29 p.m.30 views

CVE-2018-20836

An issue was discovered in the Linux kernel before 4.20. There is a race condition in smptasktimedout and smptaskdone in drivers/scsi/libsas/sasexpander.c, leading to a use-after-free...

8.1CVSS7AI score
Exploits0References14
OSV
OSV
added 2019/05/07 2:29 p.m.1 views

DEBIAN-CVE-2018-20836

An issue was discovered in the Linux kernel before 4.20. There is a race condition in smptasktimedout and smptaskdone in drivers/scsi/libsas/sasexpander.c, leading to a use-after-free...

8.1CVSS7.7AI score0.05111EPSS
Exploits0References1
Oracle linux
Oracle linux
added 2018/11/08 12:0 a.m.518 views

Unbreakable Enterprise kernel security update

2.6.39-400.303.1 - scsi: libsas: fix memory leak in sassmpgetphyevents Jason Yan Orabug: 27927686 CVE-2018-7757 - Revert 'Fix up non-directory creation in SGID directories' Brian Maly Orabug: 28781234...

5.5CVSS2AI score0.00559EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/04/20 12:0 a.m.99 views

Amazon Linux AMI : kernel (ALAS-2018-993)

Missing length check of payload in net/sctp/smmakechunk.c:sctpmakechunk function allows denial of service : An error in the 'sctpmakechunk' function net/sctp/smmakechunk.c when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS. CVE-2018-5803...

7.1CVSS6.2AI score0.03501EPSS
Exploits1References4
CNVD
CNVD
added 2018/04/12 12:0 a.m.17 views

Linux kernel denial of service vulnerability (CNVD-2018-08760)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the drivers/scsi/libsas/sasscsihost.c file in Linux kernel versions prior to 4.16. A local attacker could exploit this vulnerability...

5.5CVSS7.3AI score0.00466EPSS
Exploits2References1
Cvelist
Cvelist
added 2018/04/11 5:0 p.m.25 views

CVE-2018-10021

drivers/scsi/libsas/sasscsihost.c in the Linux kernel before 4.16 allows local users to cause a denial of service ata qc leak by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers w...

5.9AI score0.00466EPSS
Exploits2References11
OSV
OSV
added 2018/03/15 4:29 a.m.4 views

UBUNTU-CVE-2017-18232

The Serial Attached SCSI SAS implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service deadlock by triggering certain error-handling code...

5.5CVSS6.6AI score0.00424EPSS
Exploits0References5
OSV
OSV
added 2018/03/15 4:29 a.m.2 views

DEBIAN-CVE-2017-18232

The Serial Attached SCSI SAS implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service deadlock by triggering certain error-handling code...

5.5CVSS5.7AI score0.00424EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/03/15 4:0 a.m.24 views

CVE-2017-18232

The Serial Attached SCSI SAS implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service deadlock by triggering certain error-handling code...

6.1AI score0.00424EPSS
Exploits0References8
Rows per page
Query Builder