Severity
Details
- CVSS score
- 7.8
- CVSS vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Overview
About vulnerability
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpt3sas: Fix kernel panic during drive powercycle test
While looping over shost’s sdev list it is possible that one of the drives is getting removed and its sas_target object is freed but its sdev object remains intact.
Consequently, a kernel panic can occur while the driver is trying to access the sas_address field of sas_target object without also checking the sas_target object for NULL.
Details
- Affected product:
- Ubuntu 16.04 ELS
- Affected packages:
- linux-hwe @ 4.15.0 (+1 more)
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpt3sas: Fix kernel panic during drive powercycle test
While looping over shost’s sdev list it is possible that one of the drives is getting removed and its sas_target object is freed but its sdev object remains intact.
Consequently, a kernel panic can occur while the driver is trying to access the sas_address field of sas_target object without also checking the sas_target object for NULL.