Vulnerability-Lookup

BDU:2019-02826

Vulnerability from fstec - Published: 25.09.2018

Title

Уязвимость функций smp_task_timedout () и smp_task_done () в файле drivers/scsi/libsas/sas_expander.c ядра операционной системы Linux, позволяющая нарушителю оказать влияние на конфиденциальность, целостность и доступность защищаемой информации

Description

Уязвимость функций smp_task_timedout () и smp_task_done () в файле drivers/scsi/libsas/sas_expander.c ядра операционной системы Linux связана с ошибками синхронизации при использовании общего ресурса. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, оказать влияние на конфиденциальность, целостность и доступность защищаемой информации

Severity ?


                    
                      AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Canonical Ltd., Сообщество свободного программного обеспечения, Novell Inc.

Software Name

Ubuntu, Debian GNU/Linux, Suse Linux Enterprise Desktop, SUSE Enterprise Storage, SUSE Linux Enterprise Module for Open Buildservice Development Tools, Suse Linux Enterprise Server, SUSE Linux Enterprise Module for Basesystem, SUSE CaaS Platform, SUSE Linux Enterprise Module for Development Tools, SUSE Linux Enterprise Point of Sale, SUSE Linux Enterprise Build System Kit, SUSE Linux Enterprise High Availability, SUSE Linux Enterprise Live Patching, SUSE Linux Enterprise Module for Legacy Software, SUSE Linux Enterprise Module for Live Patching, SUSE Linux Enterprise Module for Public Cloud, SUSE Linux Enterprise Server for SAP Applications, Linux

Software Version

16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 4 (SUSE Enterprise Storage), 15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 15 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (SUSE Linux Enterprise Module for Basesystem), 3.0 (SUSE CaaS Platform), 5 (SUSE Enterprise Storage), 15 (SUSE Linux Enterprise Module for Development Tools), 15 SP1 (SUSE Linux Enterprise Module for Development Tools), 12 SP2-CLIENT (SUSE Linux Enterprise Point of Sale), 12 SP3 (SUSE Linux Enterprise Build System Kit), 12 SP4 (SUSE Linux Enterprise Build System Kit), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 12 SP2 (SUSE Linux Enterprise High Availability), 12 SP3 (SUSE Linux Enterprise High Availability), 12 SP4 (SUSE Linux Enterprise High Availability), 15 (SUSE Linux Enterprise High Availability), 15 SP1 (SUSE Linux Enterprise High Availability), 12 SP4 (SUSE Linux Enterprise Live Patching), 15 SP1 (SUSE Linux Enterprise Module for Legacy Software), 15 (SUSE Linux Enterprise Module for Legacy Software), 15 (SUSE Linux Enterprise Module for Live Patching), 12 (SUSE Linux Enterprise Module for Public Cloud), 15 (SUSE Linux Enterprise Module for Public Cloud), 15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 11 SP4-LTSS (Suse Linux Enterprise Server), 12 SP1-LTSS (Suse Linux Enterprise Server), 12 SP2-LTSS (Suse Linux Enterprise Server), 11 SP4-LTSS (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (SUSE Linux Enterprise Module for Live Patching), 12 SP3-LTSS (Suse Linux Enterprise Server), 8 (Debian GNU/Linux), от 4.0 до 4.4.179 включительно (Linux), от 4.5 до 4.9.174 включительно (Linux), от 4.10 до 4.14.117 включительно (Linux), от 4.15 до 4.19.41 включительно (Linux)

Possible Mitigations

Использование рекомендаций: Для Linux: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.118 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.42 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.180 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.175 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2018-20836/ Для программных продуктов Canonical Ltd.: https://usn.ubuntu.com/4076-1/ Для Debian: Обновление программного обеспечения (пакета linux) до 4.19.37-5+deb10u2 или более поздней версии

Reference

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html http://www.securityfocus.com/bid/108196 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20836 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.118 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.42 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.180 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.175 https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html https://nvd.nist.gov/vuln/detail/CVE-2018-20836 https://nvd.nist.gov/vuln/detail/CVE-2018-20836?cpeVersion=2.2 https://seclists.org/bugtraq/2019/Aug/13 https://seclists.org/bugtraq/2019/Aug/18 https://security.netapp.com/advisory/ntap-20190719-0003/ https://security-tracker.debian.org/tracker/CVE-2018-20836 https://support.f5.com/csp/article/K11225249 https://ubuntu.com/security/notices/USN-4076-1 https://usn.ubuntu.com/4076-1/ https://usn.ubuntu.com/usn/usn-4076-1 https://www.cve.org/CVERecord?id=CVE-2018-20836 https://www.debian.org/security/2019/dsa-4495 https://www.debian.org/security/2019/dsa-4497 https://www.suse.com/security/cve/CVE-2018-20836/

CWE

CWE-362, CWE-416

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 4 (SUSE Enterprise Storage), 15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 15 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (SUSE Linux Enterprise Module for Basesystem), 3.0 (SUSE CaaS Platform), 5 (SUSE Enterprise Storage), 15 (SUSE Linux Enterprise Module for Development Tools), 15 SP1 (SUSE Linux Enterprise Module for Development Tools), 12 SP2-CLIENT (SUSE Linux Enterprise Point of Sale), 12 SP3 (SUSE Linux Enterprise Build System Kit), 12 SP4 (SUSE Linux Enterprise Build System Kit), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 12 SP2 (SUSE Linux Enterprise High Availability), 12 SP3 (SUSE Linux Enterprise High Availability), 12 SP4 (SUSE Linux Enterprise High Availability), 15 (SUSE Linux Enterprise High Availability), 15 SP1 (SUSE Linux Enterprise High Availability), 12 SP4 (SUSE Linux Enterprise Live Patching), 15 SP1 (SUSE Linux Enterprise Module for Legacy Software), 15 (SUSE Linux Enterprise Module for Legacy Software), 15 (SUSE Linux Enterprise Module for Live Patching), 12 (SUSE Linux Enterprise Module for Public Cloud), 15 (SUSE Linux Enterprise Module for Public Cloud), 15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 11 SP4-LTSS (Suse Linux Enterprise Server), 12 SP1-LTSS (Suse Linux Enterprise Server), 12 SP2-LTSS (Suse Linux Enterprise Server), 11 SP4-LTSS (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (SUSE Linux Enterprise Module for Live Patching), 12 SP3-LTSS (Suse Linux Enterprise Server), 8 (Debian GNU/Linux), \u043e\u0442 4.0 \u0434\u043e 4.4.179 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.5 \u0434\u043e 4.9.174 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.10 \u0434\u043e 4.14.117 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.15 \u0434\u043e 4.19.41 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux: \nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae\nhttps://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae\nhttps://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.118\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.42\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.180\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.175\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.: https://www.suse.com/security/cve/CVE-2018-20836/\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Canonical Ltd.: https://usn.ubuntu.com/4076-1/\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 linux) \u0434\u043e 4.19.37-5+deb10u2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "25.09.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.05.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "08.08.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-02826",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-20836",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Debian GNU/Linux, Suse Linux Enterprise Desktop, SUSE Enterprise Storage, SUSE Linux Enterprise Module for Open Buildservice Development Tools, Suse Linux Enterprise Server, SUSE Linux Enterprise Module for Basesystem, SUSE CaaS Platform, SUSE Linux Enterprise Module for Development Tools, SUSE Linux Enterprise Point of Sale, SUSE Linux Enterprise Build System Kit, SUSE Linux Enterprise High Availability, SUSE Linux Enterprise Live Patching, SUSE Linux Enterprise Module for Legacy Software, SUSE Linux Enterprise Module for Live Patching, SUSE Linux Enterprise Module for Public Cloud, SUSE Linux Enterprise Server for SAP Applications, Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0439 smp_task_timedout () \u0438 smp_task_done () \u0432 \u0444\u0430\u0439\u043b\u0435 drivers/scsi/libsas/sas_expander.c \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043b\u0438\u044f\u043d\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0435\u0439 (\u00ab\u0421\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u0433\u043e\u043d\u043a\u0438\u00bb) (CWE-362), \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0439 smp_task_timedout () \u0438 smp_task_done () \u0432 \u0444\u0430\u0439\u043b\u0435 drivers/scsi/libsas/sas_expander.c \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043b\u0438\u044f\u043d\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u043e\u043a\u0430\u043c\u0438 \u0438 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c, \u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html\nhttp://www.securityfocus.com/bid/108196\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20836\nhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae\nhttps://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.118\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.42\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.180\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.175\nhttps://lists.debian.org/debian-lts-announce/2019/08/msg00016.html\nhttps://lists.debian.org/debian-lts-announce/2019/08/msg00017.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20836\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20836?cpeVersion=2.2\nhttps://seclists.org/bugtraq/2019/Aug/13\nhttps://seclists.org/bugtraq/2019/Aug/18\nhttps://security.netapp.com/advisory/ntap-20190719-0003/\nhttps://security-tracker.debian.org/tracker/CVE-2018-20836\nhttps://support.f5.com/csp/article/K11225249\nhttps://ubuntu.com/security/notices/USN-4076-1\nhttps://usn.ubuntu.com/4076-1/\nhttps://usn.ubuntu.com/usn/usn-4076-1\nhttps://www.cve.org/CVERecord?id=CVE-2018-20836\nhttps://www.debian.org/security/2019/dsa-4495\nhttps://www.debian.org/security/2019/dsa-4497\nhttps://www.suse.com/security/cve/CVE-2018-20836/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-362, CWE-416",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,1)"
}

CVE-2018-20836 (GCVE-0-2018-20836)

Vulnerability from cvelistv5 – Published: 2019-05-07 13:04 – Updated: 2024-08-05 12:12

Summary

An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/torvalds/linux/commit/b90cd6f2…	x_refsource_MISC
	https://git.kernel.org/cgit/linux/kernel/git/torv…	x_refsource_MISC
	http://www.securityfocus.com/bid/108196	vdb-entryx_refsource_BID
	https://support.f5.com/csp/article/K11225249	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2019071…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/4076-1/	vendor-advisoryx_refsource_UBUNTU
	https://www.debian.org/security/2019/dsa-4495	vendor-advisoryx_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Aug/13	mailing-listx_refsource_BUGTRAQ
	https://seclists.org/bugtraq/2019/Aug/18	mailing-listx_refsource_BUGTRAQ
	https://www.debian.org/security/2019/dsa-4497	vendor-advisoryx_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:12:27.403Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae"
          },
          {
            "name": "108196",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108196"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K11225249"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190719-0003/"
          },
          {
            "name": "openSUSE-SU-2019:1716",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"
          },
          {
            "name": "openSUSE-SU-2019:1757",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"
          },
          {
            "name": "USN-4076-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4076-1/"
          },
          {
            "name": "DSA-4495",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4495"
          },
          {
            "name": "20190812 [SECURITY] [DSA 4495-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/13"
          },
          {
            "name": "20190813 [SECURITY] [DSA 4497-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/18"
          },
          {
            "name": "DSA-4497",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4497"
          },
          {
            "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html"
          },
          {
            "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-14T13:06:09.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae"
        },
        {
          "name": "108196",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108196"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K11225249"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190719-0003/"
        },
        {
          "name": "openSUSE-SU-2019:1716",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"
        },
        {
          "name": "openSUSE-SU-2019:1757",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"
        },
        {
          "name": "USN-4076-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4076-1/"
        },
        {
          "name": "DSA-4495",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4495"
        },
        {
          "name": "20190812 [SECURITY] [DSA 4495-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/13"
        },
        {
          "name": "20190813 [SECURITY] [DSA 4497-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/18"
        },
        {
          "name": "DSA-4497",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4497"
        },
        {
          "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html"
        },
        {
          "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-20836",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae"
            },
            {
              "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae",
              "refsource": "MISC",
              "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae"
            },
            {
              "name": "108196",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108196"
            },
            {
              "name": "https://support.f5.com/csp/article/K11225249",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K11225249"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190719-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190719-0003/"
            },
            {
              "name": "openSUSE-SU-2019:1716",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"
            },
            {
              "name": "openSUSE-SU-2019:1757",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"
            },
            {
              "name": "USN-4076-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4076-1/"
            },
            {
              "name": "DSA-4495",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4495"
            },
            {
              "name": "20190812 [SECURITY] [DSA 4495-1] linux security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/13"
            },
            {
              "name": "20190813 [SECURITY] [DSA 4497-1] linux security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/18"
            },
            {
              "name": "DSA-4497",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4497"
            },
            {
              "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html"
            },
            {
              "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-20836",
    "datePublished": "2019-05-07T13:04:44.000Z",
    "dateReserved": "2019-05-07T00:00:00.000Z",
    "dateUpdated": "2024-08-05T12:12:27.403Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2019-02826

CVE-2018-20836 (GCVE-0-2018-20836)

Tags

Sightings

Nomenclature