Jason Yan

4 exploits Active since Mar 2018
CVE-2018-10021 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.16 - Denial of Service via SAS Host Bus Adapter Cable Unplug
drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables
CVSS 5.5
CVE-2018-20836 WRITEUP HIGH WRITEUP
Linux Kernel < 4.20 - Use-After-Free via Race Condition in SAS Expander
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
CVSS 8.1
CVE-2018-7757 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.15.7 - Denial of Service via SAS Phy Event File Reads
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file.
CVSS 5.5
CVE-2019-11810 WRITEUP HIGH WRITEUP
Linux Kernel < 5.0.7 - Denial of Service via megasas_alloc_cmds NULL Pointer Dereference
An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.
CVSS 7.5