CVE-2022-48792

HIGH

Linux Kernel - Use-After-Free in SCSI pm8001 SSP/STP Task Completion

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion() or mpi_sata_completion(). In this case, the following are the two steps in handling those I/O completions: - Call complete() to inform the upper layer handler of completion of the I/O. - Release driver resources associated with the sas_task in pm8001_ccb_task_free() call. When complete() is called, the upper layer may free the sas_task. As such, we should not touch the associated sas_task afterwards, but we do so in the pm8001_ccb_task_free() call. Fix by swapping the complete() and pm8001_ccb_task_free() calls ordering.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/fe9ac3eaa2e387a5742b380b73a5a6bc237bf184

Patch

https://git.kernel.org/stable/c/d9d93f32534a0a80a1c26bdb0746d90a7b19c2c2

Patch

https://git.kernel.org/stable/c/f61f9fccb2cb4bb275674a79d638704db6bc2171

Patch

https://git.kernel.org/stable/c/df7abcaa1246e2537ab4016077b5443bb3c09378

Scores

CVSS v3 7.8

EPSS 0.0024

EPSS Percentile 14.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-416

Status published

Products (14)

linux/Kernel 4.15.0 - 5.10.102linux

linux/Kernel 5.11.0 - 5.15.25linux

linux/Kernel 5.16.0 - 5.16.11linux

Linux/Linux < 4.15

Linux/Linux 4.15

Linux/Linux 5.10.102 - 5.10.*

Linux/Linux 5.15.25 - 5.15.*

Linux/Linux 5.16.11 - 5.16.*

Linux/Linux 5.17

Linux/Linux 869ddbdcae3b4fb83b99889abae31544c149b210 - d9d93f32534a0a80a1c26bdb0746d90a7b19c2c2

... and 4 more

Published Jul 16, 2024

Tracked Since Feb 18, 2026