Jason Yan - Security Researcher - Exploit Intelligence Platform

CVE-2018-10021 WRITEUP MEDIUM WRITEUP

Linux kernel <4.16 - DoS

drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables

CVSS 5.5

View Code

CVE-2018-20836 WRITEUP HIGH WRITEUP

Linux Kernel < 3.16.72 - Race Condition

An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.

CVSS 8.1

View Code

CVE-2018-7757 WRITEUP MEDIUM WRITEUP

Linux kernel <4.15.7 - DoS

Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file.

CVSS 5.5

View Code

CVE-2019-11810 WRITEUP HIGH WRITEUP

Linux kernel <5.0.7 - DoS

An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.

CVSS 7.5

View Code