PT-2018-2968 · Linux+5 · Linux Kernel+5

Chenxiang

·

Published

2018-09-25

·

Updated

2022-11-03

·

CVE-2018-20836

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.20
Description The issue is related to errors in synchronization when using a shared resource, specifically a race condition in the smp task timedout() and smp task done() functions in the drivers/scsi/libsas/sas expander.c file. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The race condition leads to a use-after-free scenario.
Recommendations For Linux kernel versions prior to 4.20, update to version 4.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the sas expander.c file or the affected functions smp task timedout() and smp task done() to minimize the risk of exploitation.

Fix

Race Condition

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-416

Related Identifiers

ALT-PU-2019-1139
ALT-PU-2019-1363
ALT-PU-2019-1794
BDU:2019-02826
CESA-2020_4060
CVE-2018-20836
DLA-1884-1
DLA-1885-1
DSA-4495-1
DSA-4497-1
OPENSUSE-SU-2019:1716-1
OPENSUSE-SU-2019:1757-1
OPENSUSE-SU-2019_1716-1
OPENSUSE-SU-2019_1757-1
RHSA-2020:4060
RHSA-2020:4062
RHSA-2020:5656
RHSA-2020_4060
RHSA-2020_4062
RHSA-2021:0019
SUSE-SU-2019:14127-1
SUSE-SU-2019:1823-1
SUSE-SU-2019:1823-2
SUSE-SU-2019:1829-1
SUSE-SU-2019:1851-1
SUSE-SU-2019:1852-1
SUSE-SU-2019:1854-1
SUSE-SU-2019:1855-1
SUSE-SU-2019:1870-1
SUSE-SU-2019:2069-1
SUSE-SU-2019:2430-1
SUSE-SU-2019:2450-1
SUSE-SU-2019_14127-1
SUSE-SU-2019_1823-1
SUSE-SU-2019_1823-2
SUSE-SU-2019_1852-1
SUSE-SU-2019_1854-1
SUSE-SU-2019_1870-1
SUSE-SU-2020:1084-1
SUSE-SU-2020:1118-1
SUSE-SU-2020:1142-1
SUSE-SU-2020_1118-1
SUSE-SU-2020_1142-1
USN-4076-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu