DEBIAN-CVE-2022-48791
- Source
- https://security-tracker.debian.org/tracker/DEBIAN-CVE-2022-48791
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-48791.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-48791
- Upstream
- Published
- 2024-07-16T12:15:03Z
- Modified
- 2025-09-18T01:44:31.767931Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sastask Currently a use-after-free may occur if a TMF sastask is aborted before we handle the IO completion in mpisspcompletion(). The abort occurs due to timeout. When the timeout occurs, the SASTASKSTATEABORTED flag is set and the sastask is freed in pm8001execinternaltmftask(). However, if the I/O completion occurs later, the I/O completion still thinks that the sas_task is available. Fix this by clearing the ccb->task if the TMF times out - the I/O completion handler does nothing if this pointer is cleared.
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.103-1
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source