An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
{ "vanir_signatures": [ { "signature_version": "v1", "deprecated": false, "target": { "file": "drivers/scsi/libsas/sas_expander.c", "function": "smp_task_done" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@b90cd6f2b905905fb42671009dc0e27c310a16ae", "digest": { "length": 154.0, "function_hash": "307957385089306599652952625713986691397" }, "signature_type": "Function", "id": "CVE-2018-20836-06828edb" }, { "signature_version": "v1", "deprecated": false, "target": { "file": "drivers/scsi/libsas/sas_expander.c" }, "source": "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae", "digest": { "line_hashes": [ "79329132306835323618125017227258452297", "259512432151908153033786559093446009492", "55928960868957675651287624478801888652", "215044261579905212664691919533053392052", "283300684877001670030383325758410971239", "239425224676917972436513338797663112947", "189520970321175521556561971980502225798", "160204734995764887015654446472901982246", "107016967831729929578658350680402981996", "76657143117481069340630836345279939845", "335652814899384924167993757052028935585", "64401434267038236419324933944602517187" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2018-20836-55d22e2f" }, { "signature_version": "v1", "deprecated": false, "target": { "file": "drivers/scsi/libsas/sas_expander.c", "function": "smp_task_timedout" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@b90cd6f2b905905fb42671009dc0e27c310a16ae", "digest": { "length": 391.0, "function_hash": "310914938696573012277784096016058830912" }, "signature_type": "Function", "id": "CVE-2018-20836-5f77d1f5" }, { "signature_version": "v1", "deprecated": false, "target": { "file": "drivers/scsi/libsas/sas_expander.c", "function": "smp_task_done" }, "source": "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae", "digest": { "length": 154.0, "function_hash": 
"307957385089306599652952625713986691397" }, "signature_type": "Function", "id": "CVE-2018-20836-67f96767" }, { "signature_version": "v1", "deprecated": false, "target": { "file": "drivers/scsi/libsas/sas_expander.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@b90cd6f2b905905fb42671009dc0e27c310a16ae", "digest": { "line_hashes": [ "79329132306835323618125017227258452297", "259512432151908153033786559093446009492", "55928960868957675651287624478801888652", "215044261579905212664691919533053392052", "283300684877001670030383325758410971239", "239425224676917972436513338797663112947", "189520970321175521556561971980502225798", "160204734995764887015654446472901982246", "107016967831729929578658350680402981996", "76657143117481069340630836345279939845", "335652814899384924167993757052028935585", "64401434267038236419324933944602517187" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2018-20836-88331964" }, { "signature_version": "v1", "deprecated": false, "target": { "file": "drivers/scsi/libsas/sas_expander.c", "function": "smp_task_timedout" }, "source": "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae", "digest": { "length": 391.0, "function_hash": "310914938696573012277784096016058830912" }, "signature_type": "Function", "id": "CVE-2018-20836-d5b99bfd" } ] }