Количество 24
Количество 24
BDU:2024-07755
Уязвимость функции mpi_ssp_completion() драйвера PMC-Sierra SPC 8001 SAS/SATA ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
CVE-2022-48792
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion() or mpi_sata_completion(). In this case, the following are the two steps in handling those I/O completions: - Call complete() to inform the upper layer handler of completion of the I/O. - Release driver resources associated with the sas_task in pm8001_ccb_task_free() call. When complete() is called, the upper layer may free the sas_task. As such, we should not touch the associated sas_task afterwards, but we do so in the pm8001_ccb_task_free() call. Fix by swapping the complete() and pm8001_ccb_task_free() calls ordering.
CVE-2022-48792
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion() or mpi_sata_completion(). In this case, the following are the two steps in handling those I/O completions: - Call complete() to inform the upper layer handler of completion of the I/O. - Release driver resources associated with the sas_task in pm8001_ccb_task_free() call. When complete() is called, the upper layer may free the sas_task. As such, we should not touch the associated sas_task afterwards, but we do so in the pm8001_ccb_task_free() call. Fix by swapping the complete() and pm8001_ccb_task_free() calls ordering.
CVE-2022-48792
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion() or mpi_sata_completion(). In this case, the following are the two steps in handling those I/O completions: - Call complete() to inform the upper layer handler of completion of the I/O. - Release driver resources associated with the sas_task in pm8001_ccb_task_free() call. When complete() is called, the upper layer may free the sas_task. As such, we should not touch the associated sas_task afterwards, but we do so in the pm8001_ccb_task_free() call. Fix by swapping the complete() and pm8001_ccb_task_free() calls ordering.
CVE-2022-48792
In the Linux kernel, the following vulnerability has been resolved: s ...
GHSA-x9wp-3948-xg4x
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion() or mpi_sata_completion(). In this case, the following are the two steps in handling those I/O completions: - Call complete() to inform the upper layer handler of completion of the I/O. - Release driver resources associated with the sas_task in pm8001_ccb_task_free() call. When complete() is called, the upper layer may free the sas_task. As such, we should not touch the associated sas_task afterwards, but we do so in the pm8001_ccb_task_free() call. Fix by swapping the complete() and pm8001_ccb_task_free() calls ordering.
SUSE-SU-2025:0944-1
Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)
SUSE-SU-2025:0904-1
Security update for the Linux Kernel (Live Patch 57 for SLE 12 SP5)
SUSE-SU-2025:0893-1
Security update for the Linux Kernel (Live Patch 58 for SLE 12 SP5)
SUSE-SU-2025:0942-1
Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3)
SUSE-SU-2025:0908-1
Security update for the Linux Kernel (Live Patch 54 for SLE 12 SP5)
SUSE-SU-2025:0892-1
Security update for the Linux Kernel (Live Patch 56 for SLE 12 SP5)
SUSE-SU-2025:0943-1
Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)
SUSE-SU-2025:0898-1
Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)
SUSE-SU-2024:2923-1
Security update for the Linux Kernel
SUSE-SU-2024:2948-1
Security update for the Linux Kernel
ROS-20240822-01
Множественные уязвимости kernel-lt
SUSE-SU-2024:2892-1
Security update for the Linux Kernel
SUSE-SU-2024:2940-1
Security update for the Linux Kernel
SUSE-SU-2024:2901-1
Security update for the Linux Kernel
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2024-07755 Уязвимость функции mpi_ssp_completion() драйвера PMC-Sierra SPC 8001 SAS/SATA ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации | CVSS3: 7.8 | 0% Низкий | больше 3 лет назад |
 | CVE-2022-48792 In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion() or mpi_sata_completion(). In this case, the following are the two steps in handling those I/O completions: - Call complete() to inform the upper layer handler of completion of the I/O. - Release driver resources associated with the sas_task in pm8001_ccb_task_free() call. When complete() is called, the upper layer may free the sas_task. As such, we should not touch the associated sas_task afterwards, but we do so in the pm8001_ccb_task_free() call. Fix by swapping the complete() and pm8001_ccb_task_free() calls ordering. | CVSS3: 7.8 | 0% Низкий | около 1 года назад |
 | CVE-2022-48792 In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion() or mpi_sata_completion(). In this case, the following are the two steps in handling those I/O completions: - Call complete() to inform the upper layer handler of completion of the I/O. - Release driver resources associated with the sas_task in pm8001_ccb_task_free() call. When complete() is called, the upper layer may free the sas_task. As such, we should not touch the associated sas_task afterwards, but we do so in the pm8001_ccb_task_free() call. Fix by swapping the complete() and pm8001_ccb_task_free() calls ordering. | CVSS3: 7.8 | 0% Низкий | около 1 года назад |
 | CVE-2022-48792 In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion() or mpi_sata_completion(). In this case, the following are the two steps in handling those I/O completions: - Call complete() to inform the upper layer handler of completion of the I/O. - Release driver resources associated with the sas_task in pm8001_ccb_task_free() call. When complete() is called, the upper layer may free the sas_task. As such, we should not touch the associated sas_task afterwards, but we do so in the pm8001_ccb_task_free() call. Fix by swapping the complete() and pm8001_ccb_task_free() calls ordering. | CVSS3: 7.8 | 0% Низкий | около 1 года назад |
| CVE-2022-48792 In the Linux kernel, the following vulnerability has been resolved: s ... | CVSS3: 7.8 | 0% Низкий | около 1 года назад |
| GHSA-x9wp-3948-xg4x In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion() or mpi_sata_completion(). In this case, the following are the two steps in handling those I/O completions: - Call complete() to inform the upper layer handler of completion of the I/O. - Release driver resources associated with the sas_task in pm8001_ccb_task_free() call. When complete() is called, the upper layer may free the sas_task. As such, we should not touch the associated sas_task afterwards, but we do so in the pm8001_ccb_task_free() call. Fix by swapping the complete() and pm8001_ccb_task_free() calls ordering. | CVSS3: 7.8 | 0% Низкий | около 1 года назад |
 | SUSE-SU-2025:0944-1 Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3) | 5 месяцев назад | ||
| SUSE-SU-2025:0904-1 Security update for the Linux Kernel (Live Patch 57 for SLE 12 SP5) | 5 месяцев назад | ||
| SUSE-SU-2025:0893-1 Security update for the Linux Kernel (Live Patch 58 for SLE 12 SP5) | 5 месяцев назад | ||
| SUSE-SU-2025:0942-1 Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3) | 5 месяцев назад | ||
| SUSE-SU-2025:0908-1 Security update for the Linux Kernel (Live Patch 54 for SLE 12 SP5) | 5 месяцев назад | ||
| SUSE-SU-2025:0892-1 Security update for the Linux Kernel (Live Patch 56 for SLE 12 SP5) | 5 месяцев назад | ||
| SUSE-SU-2025:0943-1 Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3) | 5 месяцев назад | ||
| SUSE-SU-2025:0898-1 Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3) | 5 месяцев назад | ||
| SUSE-SU-2024:2923-1 Security update for the Linux Kernel | 12 месяцев назад | ||
| SUSE-SU-2024:2948-1 Security update for the Linux Kernel | 12 месяцев назад | ||
 | ROS-20240822-01 Множественные уязвимости kernel-lt | CVSS3: 7.8 | 12 месяцев назад | |
| SUSE-SU-2024:2892-1 Security update for the Linux Kernel | 12 месяцев назад | ||
| SUSE-SU-2024:2940-1 Security update for the Linux Kernel | 12 месяцев назад | ||
| SUSE-SU-2024:2901-1 Security update for the Linux Kernel | 12 месяцев назад |
Уязвимостей на страницу