Sreekanth Reddy

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to the mpt3sas component of the Linux kernel, which is vulnerable to a resource management error. This error can cause a kernel panic when the driver attempts to access the `sas address` field of a `sas target` object without checking if the object is NULL. The vulnerability occurs when a drive is removed while the driver is looping over the shost's sdev list, resulting in the `sas target` object being freed but its `sdev` object remaining intact. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a use-after-free warning in the Linux kernel's mpt3sas component. This warning is observed during controller reset and is associated with a refcount t underflow. The vulnerability may allow an attacker to elevate privileges in the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.