CVE-2022-48792— scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-48792
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion() or mpi_sata_completion(). In this case, the following are the two steps in handling those I/O completions: - Call complete() to inform the upper layer handler of completion of the I/O. - Release driver resources associated with the sas_task in pm8001_ccb_task_free() call. When complete() is called, the upper layer may free the sas_task. As such, we should not touch the associated sas_task afterwards, but we do so in the pm8001_ccb_task_free() call. Fix by swapping the complete() and pm8001_ccb_task_free() calls ordering.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在安全漏洞,该漏洞源于scsi:pm8001模块中发现使用后释放问题。如果在处理I/O完成之前上层取消sas_task,则可能会发生使用后释放。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2022-48792
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-48792
请登录查看更多情报信息。
Same Patch Batch · Linux · 2024-07-16 · 98 CVEs total
| CVE-2022-48832 | audit: don't deref the syscall args when checking the openat2 open_how::flags | |
| CVE-2022-48826 | drm/vc4: Fix deadlock on DSI device attach error | |
| CVE-2022-48822 | usb: f_fs: Fix use-after-free for epfile | |
| CVE-2022-48821 | misc: fastrpc: avoid double fput() on failed usercopy | |
| CVE-2022-48819 | tcp: take care of mixed splice()/sendmsg(MSG_ZEROCOPY) case | |
| CVE-2022-48820 | phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable() | |
| CVE-2022-48818 | net: dsa: mv88e6xxx: don't use devres for mdiobus | |
| CVE-2022-48823 | scsi: qedf: Fix refcount issue when LOGO is received during TMF | |
| CVE-2022-48830 | can: isotp: fix potential CAN frame reception race in isotp_rcv() | |
| CVE-2022-48831 | ima: fix reference leak in asymmetric_verify() | |
| CVE-2022-48828 | NFSD: Fix ia_size underflow | |
| CVE-2022-48834 | usb: usbtmc: Fix bug in pipe direction for control transfers | |
| CVE-2022-48833 | btrfs: skip reserved bytes warning on unmount after log cleanup failure | |
| CVE-2022-48835 | scsi: mpt3sas: Page fault in reply q processing | |
| CVE-2022-48837 | usb: gadget: rndis: prevent integer overflow in rndis_set_response() | |
| CVE-2022-48836 | Input: aiptek - properly check endpoint type | |
| CVE-2022-48838 | usb: gadget: Fix use-after-free bug by not setting udc->dev.driver | |
| CVE-2022-48839 | net/packet: fix slab-out-of-bounds access in packet_recvmsg() | |
| CVE-2022-48840 | iavf: Fix hang during reboot/shutdown | |
| CVE-2022-48842 | ice: Fix race condition during interface enslave |
Showing top 20 of 98 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
Same vendor: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. Comments for CVE-2022-48792
No comments yet