CVE-2018-20836
published 2019-05-07CVE-2018-20836: An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in…
high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 5.2.6-1 (bookworm) | linux 5.2.6-1 (bookworm) |
| f5 | traffix_signaling_delivery_controller | — | — |
| f5 | traffix_signaling_delivery_controller | — | — |
| linux | linux_kernel | < 3.16.72 | 3.16.72 |
| linux | linux_kernel | >= 0 < 5.2.6-1 | 5.2.6-1 |
| linux | linux_kernel | >= 0 < 5.2.6-1 | 5.2.6-1 |
| linux | linux_kernel | >= 0 < 5.2.6-1 | 5.2.6-1 |
| linux | linux_kernel | >= 0 < 5.2.6-1 | 5.2.6-1 |
| linux | linux_kernel | >= 0 < 4.4.0-157.185 | 4.4.0-157.185 |
| linux | linux_kernel | >= 3.17 < 3.18.140 | 3.18.140 |
| linux | linux_kernel | >= 3.19 < 4.4.180 | 4.4.180 |
| linux | linux_kernel | >= 4.10 < 4.14.118 | 4.14.118 |
| linux | linux_kernel | >= 4.15 < 4.19.42 | 4.19.42 |
| linux | linux_kernel | >= 4.5 < 4.9.175 | 4.9.175 |
| netapp | active_iq_unified_manager | >= 9.5 | — |
| netapp | vasa_provider_for_clustered_data_ontap | >= 7.2 | — |
| netapp | virtual_storage_console | >= 7.2 | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
osv8.1HIGH