
Jason Yan

#21761 of 53,624
11 Total CVSS
Vulnerabilities · 2
Medium · 2
PT-2018-6760
5.5
2018-03-15
Linux · Linux Kernel · CVE-2017-18232
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.15.9
Description: The issue is related to the Serial Attached SCSI (SAS) implementation in the Linux kernel, which mishandles a mutex within libsas. This allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.
Recommendations: For Linux kernel versions prior to 4.15.9, update to version 4.15.9 or later to resolve the issue.
PT-2018-18259
5.5
2018-03-08
Linux · Linux Kernel · CVE-2018-7757
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.15.8
Description: The issue allows local users to cause a denial of service due to memory consumption. This can be achieved via many read accesses to files in the /sys/class/sas_phy directory. For example, accessing the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file can demonstrate this issue.
Recommendations: For Linux kernel versions prior to 4.15.8, update to version 4.15.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the /sys/class/sas_phy directory to minimize the risk of exploitation.