CVE-2018-10021

Severity

49%

Complexity

39%

Confidentiality

115%

** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables.

** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables.

CVSS 3.0 Base Score 5.5. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 2.0 Base Score 4.9. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C).

Overview

First reported 6 years ago

2018-04-11 17:29:00

Last updated 5 years ago

2019-10-03 00:03:00

Affected Software

Linux Kernel

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=318aaf34f1179b39fa9c30fa0f3288b645beee39

Vendor Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1089281

Issue Tracking, Third Party Advisory

https://github.com/torvalds/linux/commit/318aaf34f1179b39fa9c30fa0f3288b645beee39

Third Party Advisory

[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package

USN-3678-1

USN-3678-2

USN-3678-3

USN-3678-4

USN-3696-1

USN-3696-2

USN-3754-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.