Re: [PATCH] scsi: libsas: fix use-after-free bug in smp_execute_task_sg

Duoming,

> When executing an SMP task fails, smp_execute_task_sg() calls
> del_timer() to delete the "slow_task->timer". However, if the timer
> handler sas_task_internal_timedout() is running, the del_timer() in
> smp_execute_task_sg() will not stop it and a UAF bug will happen.

Applied to 6.1/scsi-staging, thanks!

-- 
Martin K. Petersen	Oracle Linux Engineering


