An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Netapp
  • Snapprotect
  • Storage Replication Adapter For Clustered Data Ontap
  • Solidfire \& Hci Storage Node
  • Vasa Provider For Clustered Data Ontap
  • Virtual Storage Console
  • Hci Compute Node
  • Solidfire \& Hci Management Node
  • Active Iq Unified Manager
Opensuse
  • Leap
F5
  • Traffix Signaling Delivery Controller
Canonical
  • Ubuntu Linux
Debian
  • Debian Linux
Linux
  • Linux Kernel

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.1.0:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html Mailing List Third Party Advisory
http://www.securityfocus.com/bid/108196 Third Party Advisory VDB Entry
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae Patch Vendor Advisory
https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Aug/13 Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Aug/18 Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20190719-0003/ Third Party Advisory
https://support.f5.com/csp/article/K11225249 Third Party Advisory
https://usn.ubuntu.com/4076-1/ Third Party Advisory
https://www.debian.org/security/2019/dsa-4495 Third Party Advisory
https://www.debian.org/security/2019/dsa-4497 Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-05-07T13:04:44

Updated: 2019-08-14T13:06:09

Reserved: 2019-05-07T00:00:00

Link: CVE-2018-20836

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2019-05-07T14:29:00.303

Modified: 2022-11-03T02:22:37.750

Link: CVE-2018-20836

JSON object: View

cve-icon Redhat Information

No data.

CWE