42 matches found
GSD-2022-1007059 scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
scsi: libsas: Fix use-after-free bug in smpexecutetasksg This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit...
Unbreakable Enterprise kernel-container security update
5.4.17-2102.203.5 - rds/ib: move rdsibclearirqmiss to .h file Manjunath Patil Orabug: 33044344 5.4.17-2102.203.4 - rds/ib: recover rds connection from interrupt loss scenario Manjunath Patil Orabug: 32974199 - Revert 'Allow mce to reset instead of panic on UE' William Roche Orabug: 32820275 - bpf...
kernel: Memory leak in drivers/scsi/libsas/sas_expander.c
A memory leak flaw was found in the Linux kernel. An error in the resource cleanup of the sasexdiscoverexpander function can allow an attacker to induce error conditions that could crash the system. The highest threat from this vulnerability is to system availability...
Important: kernel
Issue Overview: The Serial Attached SCSI SAS implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service deadlock by triggering certain error-handling code. CVE-2017-18232 The xfsbmapextentstobtree function in fs/xfs/libxfs/xfsbmap.c i...
CVE-2019-19965
A NULL pointer dereference flaw was found in the Linux kernel’s SCSI disk subsystem. A local user could use this flaw to crash the system, causing a denial of service. Mitigation To mitigate this issue, prevent module libsas from being loaded. Please see for how to blacklist a kernel module to...
CVE-2018-10021
The code in the drivers/scsi/libsas/sasscsihost.c file in the Linux kernel allow a physically proximate attacker to cause a memory leak in the ATA command queue and, thus, denial of service by triggering certain failure conditions...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-118.42.1 - scsi: libsas: delete sas port if expander discover failed Jason Yan Orabug: 30580688 CVE-2019-15807...
Unbreakable Enterprise kernel security update
2.6.39-400.318.1 - x86/speculation: Determine swapgs before alternative instructions are set Patrick Colp Orabug: 30379640 - scsi: libsas: delete sas port if expander discover failed Jason Yan Orabug: 30580689 CVE-2019-15807...
Linux kernel memory leak vulnerability (CNVD-2019-32349)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A memory disclosure vulnerability exists in the drivers/scsi/libsas/sasexpander.c file in Linux kernel versions prior to 5.1.13. An attacker could exploit this...
Debian DLA-1884-1 : linux security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-18509 Denis Andzakovic reported a missing type check in the IPv4 multicast routing implementation. A user with the CAPNETADMIN capability in a...
OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0024)
The remote OracleVM system is missing necessary patches to address critical security updates : - hugetlbfs: don't retry when pool page allocations start to fail Mike Kravetz Orabug: 29324267 - x86/speculation: RSB stuffing with retpoline on Skylake+ cpus William Roche Orabug: 29660924 -...
CVE-2018-20836
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smptasktimedout and smptaskdone in drivers/scsi/libsas/sasexpander.c, leading to a use-after-free...
DEBIAN-CVE-2018-20836
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smptasktimedout and smptaskdone in drivers/scsi/libsas/sasexpander.c, leading to a use-after-free...
Unbreakable Enterprise kernel security update
2.6.39-400.303.1 - scsi: libsas: fix memory leak in sassmpgetphyevents Jason Yan Orabug: 27927686 CVE-2018-7757 - Revert 'Fix up non-directory creation in SGID directories' Brian Maly Orabug: 28781234...
Amazon Linux AMI : kernel (ALAS-2018-993)
Missing length check of payload in net/sctp/smmakechunk.c:sctpmakechunk function allows denial of service : An error in the 'sctpmakechunk' function net/sctp/smmakechunk.c when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS. CVE-2018-5803...
Linux kernel denial of service vulnerability (CNVD-2018-08760)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the drivers/scsi/libsas/sasscsihost.c file in Linux kernel versions prior to 4.16. A local attacker could exploit this vulnerability...
CVE-2018-10021
drivers/scsi/libsas/sasscsihost.c in the Linux kernel before 4.16 allows local users to cause a denial of service ata qc leak by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers w...
UBUNTU-CVE-2017-18232
The Serial Attached SCSI SAS implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service deadlock by triggering certain error-handling code...
DEBIAN-CVE-2017-18232
The Serial Attached SCSI SAS implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service deadlock by triggering certain error-handling code...
CVE-2017-18232
The Serial Attached SCSI SAS implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service deadlock by triggering certain error-handling code...