SUSE-SU-2025:1092-1

Опубликовано: 01 апр. 2025

Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 60 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122_228 fixes one issue.

The following security issue was fixed:

CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)

Список пакетов

SUSE Linux Enterprise Live Patching 12 SP5

kgraft-patch-4_12_14-122_228-default-6-2.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20251092-1/
Link for SUSE-SU-2025:1092-1
https://lists.suse.com/pipermail/sle-security-updates/2025-April/020634.html
E-Mail link for SUSE-SU-2025:1092-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1228012
SUSE Bug 1228012
https://www.suse.com/security/cve/CVE-2022-48791/
SUSE CVE CVE-2022-48791 page

Описание

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sas_task Currently a use-after-free may occur if a TMF sas_task is aborted before we handle the IO completion in mpi_ssp_completion(). The abort occurs due to timeout. When the timeout occurs, the SAS_TASK_STATE_ABORTED flag is set and the sas_task is freed in pm8001_exec_internal_tmf_task(). However, if the I/O completion occurs later, the I/O completion still thinks that the sas_task is available. Fix this by clearing the ccb->task if the TMF times out - the I/O completion handler does nothing if this pointer is cleared.

Затронутые продукты

SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-6-2.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-48791.html
CVE-2022-48791
https://bugzilla.suse.com/1228002
SUSE Bug 1228002
https://bugzilla.suse.com/1228012
SUSE Bug 1228012

SUSE-SU-2025:1092-1

Описание

Список пакетов

SUSE Linux Enterprise Live Patching 12 SP5

Ссылки

Уязвимость: CVE-2022-48791

Описание

Затронутые продукты

Ссылки