In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sastask Currently a use-after-free may occur if a sastask is aborted by the upper layer before we handle the I/O completion in mpisspcompletion() or mpisatacompletion(). In this case, the following are the two steps in handling those I/O completions: - Call complete() to inform the upper layer handler of completion of the I/O. - Release driver resources associated with the sastask in pm8001ccbtaskfree() call. When complete() is called, the upper layer may free the sastask. As such, we should not touch the associated sastask afterwards, but we do so in the pm8001ccbtaskfree() call. Fix by swapping the complete() and pm8001ccbtaskfree() calls ordering.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "linux-buildinfo-5.15.0-1008-intel-iotg", "binary_version": "5.15.0-1008.11~20.04.1" }, { "binary_name": "linux-cloud-tools-5.15.0-1008-intel-iotg", "binary_version": "5.15.0-1008.11~20.04.1" }, { "binary_name": "linux-headers-5.15.0-1008-intel-iotg", "binary_version": "5.15.0-1008.11~20.04.1" }, { "binary_name": "linux-image-unsigned-5.15.0-1008-intel-iotg", "binary_version": "5.15.0-1008.11~20.04.1" }, { "binary_name": "linux-image-unsigned-5.15.0-1008-intel-iotg-dbgsym", "binary_version": "5.15.0-1008.11~20.04.1" }, { "binary_name": "linux-intel-iotg-5.15-cloud-tools-5.15.0-1008", "binary_version": "5.15.0-1008.11~20.04.1" }, { "binary_name": "linux-intel-iotg-5.15-cloud-tools-common", "binary_version": "5.15.0-1008.11~20.04.1" }, { "binary_name": "linux-intel-iotg-5.15-headers-5.15.0-1008", "binary_version": "5.15.0-1008.11~20.04.1" }, { "binary_name": "linux-intel-iotg-5.15-tools-5.15.0-1008", "binary_version": "5.15.0-1008.11~20.04.1" }, { "binary_name": "linux-intel-iotg-5.15-tools-common", "binary_version": "5.15.0-1008.11~20.04.1" }, { "binary_name": "linux-intel-iotg-5.15-tools-host", "binary_version": "5.15.0-1008.11~20.04.1" }, { "binary_name": "linux-modules-5.15.0-1008-intel-iotg", "binary_version": "5.15.0-1008.11~20.04.1" }, { "binary_name": "linux-modules-extra-5.15.0-1008-intel-iotg", "binary_version": "5.15.0-1008.11~20.04.1" }, { "binary_name": "linux-tools-5.15.0-1008-intel-iotg", "binary_version": "5.15.0-1008.11~20.04.1" } ] }