Описание
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
A flaw was found in the Linux kernel’s implementation of the SAS expander subsystem, where a race condition exists in the smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c. An attacker could abuse this flaw to corrupt memory and escalate privileges.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Will not fix | ||
| Red Hat Enterprise Linux 6 | kernel | Will not fix | ||
| Red Hat Enterprise Linux 7 | kernel-alt | Will not fix | ||
| Red Hat Enterprise Linux 8 | kernel | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | ||
| Red Hat Enterprise MRG 2 | kernel-rt | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2020:4062 | 29.09.2020 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2020:4060 | 29.09.2020 |
| Red Hat Enterprise Linux 7.6 Extended Update Support | kernel | Fixed | RHSA-2020:5656 | 22.12.2020 |
| Red Hat Enterprise Linux 7.7 Extended Update Support | kernel | Fixed | RHSA-2021:0019 | 05.01.2021 |
Показывать по
Дополнительная информация
Статус:
7 High
CVSS3
Связанные уязвимости
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
An issue was discovered in the Linux kernel before 4.20. There is a ra ...
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
Уязвимость функций smp_task_timedout () и smp_task_done () в файле drivers/scsi/libsas/sas_expander.c ядра операционной системы Linux, позволяющая нарушителю оказать влияние на конфиденциальность, целостность и доступность защищаемой информации
7 High
CVSS3