Описание
In the Linux kernel, the following vulnerability has been resolved:
scsi: ses: Don't attach if enclosure has no components
An enclosure with no components can't usefully be operated by the driver (since effectively it has nothing to manage), so report the problem and don't attach. Not attaching also fixes an oops which could occur if the driver tries to manage a zero component enclosure.
[mkp: Switched to KERN_WARNING since this scenario is common]
In the Linux kernel, the following vulnerability has been resolved:
scsi: ses: Don't attach if enclosure has no components
An enclosure with no components can't usefully be operated by the driver (since effectively it has nothing to manage), so report the problem and don't attach. Not attaching also fixes an oops which could occur if the driver tries to manage a zero component enclosure.
[mkp: Switched to KERN_WARNING since this scenario is common]
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-53431
- https://git.kernel.org/stable/c/05143d90ac90b7abc6692285895a1ef460e008ee
- https://git.kernel.org/stable/c/110d425cdfb15006f3c4fde5264e786a247b6b36
- https://git.kernel.org/stable/c/176d7345b89ced72020a313bfa4e7f345d1c3aed
- https://git.kernel.org/stable/c/3fe97ff3d94934649abb0652028dd7296170c8d0
- https://git.kernel.org/stable/c/4863fefc8a8cc8e8f6c7635b12d9dffaa0a12d86
- https://git.kernel.org/stable/c/4e7c498c3713b09bef20c76c7319555637e8bbd5
- https://git.kernel.org/stable/c/5ca5470b33e5221dd3e5be81108697c22dd38b56
- https://git.kernel.org/stable/c/6069e04a922a0488bcf4f1017d38d18afda8194c
- https://git.kernel.org/stable/c/6fce2307650a190e343a84537c278d499fa37c26
- https://git.kernel.org/stable/c/c8e22b7a1694bb8d025ea636816472739d859145
- https://git.kernel.org/stable/c/d68937dfc73ee7f61cf3424fa3225be93cacaa00
- https://git.kernel.org/stable/c/eabc4872f172ecb8dd8536bc366a51868154a450
- https://git.kernel.org/stable/c/f182ad02024d3f45374a9e0c9d76f28b776d762d
- https://git.kernel.org/stable/c/f8e702c54413eee2d8f94f61d18adadac7c87e87
- https://git.kernel.org/stable/c/feefd5232ecb788f0666f75893a7a86faec8bbcc
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Handle enclosure with just a primary component gracefully This reverts commit 3fe97ff3d949 ("scsi: ses: Don't attach if enclosure has no components") and introduces proper handling of case where there are no detected secondary components, but primary component (enumerated in num_enclosures) does exist. That fix was originally proposed by Ding Hui <dinghui@sangfor.com.cn>. Completely ignoring devices that have one primary enclosure and no secondary one results in ses_intf_add() bailing completely scsi 2:0:0:254: enclosure has no enumerated components scsi 2:0:0:254: Failed to bind enclosure -12ven in valid configurations such even on valid configurations with 1 primary and 0 secondary enclosures as below: # sg_ses /dev/sg0 3PARdata SES 3321 Supported diagnostic pages: Supported Diagnostic Pages [sdp] [0x0] Configuration (SES) [cf] [0x1] Short Enclosure Status (SES) [ses] [0x8] # sg_ses -p cf...
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Don't attach if enclosure has no components An enclosure with no components can't usefully be operated by the driver (since effectively it has nothing to manage), so report the problem and don't attach. Not attaching also fixes an oops which could occur if the driver tries to manage a zero component enclosure. [mkp: Switched to KERN_WARNING since this scenario is common]
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Handle enclosure with just a primary component gracefully This reverts commit 3fe97ff3d949 ("scsi: ses: Don't attach if enclosure has no components") and introduces proper handling of case where there are no detected secondary components, but primary component (enumerated in num_enclosures) does exist. That fix was originally proposed by Ding Hui <dinghui@sangfor.com.cn>. Completely ignoring devices that have one primary enclosure and no secondary one results in ses_intf_add() bailing completely scsi 2:0:0:254: enclosure has no enumerated components scsi 2:0:0:254: Failed to bind enclosure -12ven in valid configurations such even on valid configurations with 1 primary and 0 secondary enclosures as below: # sg_ses /dev/sg0 3PARdata SES 3321 Supported diagnostic pages: Supported Diagnostic Pages [sdp] [0x0] Configuration (SES) [cf] [0x1] Short Enclosure Status (SES)
In the Linux kernel, the following vulnerability has been resolved: s ...
Уязвимость модуля drivers/scsi/ses.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании