Description
drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables.
References (11)
Core References
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3678-2/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3696-1/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3678-1/
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.suse.com/show_bug.cgi?id=1089281
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3754-1/
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3678-3/
Vendor Advisory x_refsource_misc
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=318aaf34f1179b39fa9c30fa0f3288b645beee39
Third Party Advisory x_refsource_misc
https://github.com/torvalds/linux/commit/318aaf34f1179b39fa9c30fa0f3288b645beee39
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3696-2/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3678-4/
Scores
CVSS v3
5.5
EPSS
0.0004
EPSS Percentile
11.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (1)
linux/linux_kernel
< 4.16
Published
Apr 11, 2018
Tracked Since
Feb 18, 2026