APPLIED/cmt: [Xenial][SRU][CVE-2017-18232][PATCH 0/1] SAS DoS
Khaled Elmously
khalid.elmously at canonical.com
Mon Sep 30 20:18:39 UTC 2019
(Applied to xenial)
I recall I had spent a considerable amount of time on this CVE at one point and needed about 10 patches to get it fixed.
I'd love to go over this to see how this 1-patch resolves the CVE. I'll try to find time for that..at some point.
On 2019-09-27 09:19:22 , Connor Kuehl wrote:
> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18232.html
>
> From the link above:
>
> "The Serial Attached SCSI (SAS) implementation in the Linux kernel through
> 4.15.9 mishandles a mutex within libsas, which allows local users to cause
> a denial of service (deadlock) by triggering certain error-handling
> code."
>
> Context adjustment was required for one of the hunks (see the patch for
> more information).
>
> Booted and modprobed libsas.
>
> Jason Yan (1):
> scsi: libsas: direct call probe and destruct
>
> drivers/scsi/libsas/sas_ata.c | 1 -
> drivers/scsi/libsas/sas_discover.c | 32 +++++++++++++++++-------------
> drivers/scsi/libsas/sas_expander.c | 8 +++-----
> drivers/scsi/libsas/sas_internal.h | 1 +
> drivers/scsi/libsas/sas_port.c | 3 +++
> include/scsi/libsas.h | 13 ++++++------
> include/scsi/scsi_transport_sas.h | 1 +
> 7 files changed, 32 insertions(+), 27 deletions(-)
>
> --
> 2.17.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list