admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-487xx/CVE-2022-48791.json
cad-safe-bot c91693dc4a Auto-Update: 2024-07-21T02:00:18.731812+00:00
2024-07-21 02:03:14 +00:00

37 lines
2.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-48791",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:03.910",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free for aborted TMF sas_task\n\nCurrently a use-after-free may occur if a TMF sas_task is aborted before we\nhandle the IO completion in mpi_ssp_completion(). The abort occurs due to\ntimeout.\n\nWhen the timeout occurs, the SAS_TASK_STATE_ABORTED flag is set and the\nsas_task is freed in pm8001_exec_internal_tmf_task().\n\nHowever, if the I/O completion occurs later, the I/O completion still\nthinks that the sas_task is available. Fix this by clearing the ccb->task\nif the TMF times out - the I/O completion handler does nothing if this\npointer is cleared."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: scsi: pm8001: Correcci\u00f3n de use-after-free para TMF sas_task abortada Actualmente, puede ocurrir un use-after-free si se cancela una TMF sas_task antes de que manejemos la finalizaci\u00f3n de IO en mpi_ssp_completion( ). El aborto se produce debido al tiempo de espera. Cuando se agota el tiempo de espera, se establece el indicador SAS_TASK_STATE_ABORTED y sas_task se libera en pm8001_exec_internal_tmf_task(). Sin embargo, si la finalizaci\u00f3n de E/S se produce m\u00e1s tarde, la finalizaci\u00f3n de E/S todav\u00eda piensa que sas_task est\u00e1 disponible. Solucione este problema borrando la tarea ccb-> si se agota el tiempo de espera del TMF; el controlador de finalizaci\u00f3n de E/S no hace nada si se borra este puntero."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3c334cdfd94945b8edb94022a0371a8665b17366",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/510b21442c3a2e3ecc071ba3e666b320e7acdd61",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/61f162aa4381845acbdc7f2be4dfb694d027c018",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d872e7b5fe38f325f5206b6872746fa02c2b4819",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
Reference in New Issue View Git Blame Copy Permalink