{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T13:19:30.035","vulnerabilities":[{"cve":{"id":"CVE-2022-48791","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-07-16T12:15:03.910","lastModified":"2024-11-21T07:34:01.863","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free for aborted TMF sas_task\n\nCurrently a use-after-free may occur if a TMF sas_task is aborted before we\nhandle the IO completion in mpi_ssp_completion(). The abort occurs due to\ntimeout.\n\nWhen the timeout occurs, the SAS_TASK_STATE_ABORTED flag is set and the\nsas_task is freed in pm8001_exec_internal_tmf_task().\n\nHowever, if the I/O completion occurs later, the I/O completion still\nthinks that the sas_task is available. Fix this by clearing the ccb->task\nif the TMF times out - the I/O completion handler does nothing if this\npointer is cleared."},{"lang":"es","value":"En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: pm8001: Corrección de use-after-free para TMF sas_task abortada Actualmente, puede ocurrir un use-after-free si se cancela una TMF sas_task antes de que manejemos la finalización de IO en mpi_ssp_completion( ). El aborto se produce debido al tiempo de espera. Cuando se agota el tiempo de espera, se establece el indicador SAS_TASK_STATE_ABORTED y sas_task se libera en pm8001_exec_internal_tmf_task(). Sin embargo, si la finalización de E/S se produce más tarde, la finalización de E/S todavía piensa que sas_task está disponible. Solucione este problema borrando la tarea ccb-> si se agota el tiempo de espera del TMF; el controlador de finalización de E/S no hace nada si se borra este puntero."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.102","matchCriteriaId":"FE2A35CB-3560-4AEF-9643-66B8EB899366"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.25","matchCriteriaId":"D098AA16-8E21-4EB7-AE2F-1EEB58E1A3A3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"5.16.11","matchCriteriaId":"0D327234-5D4A-43DC-A6DF-BCA0CEBEC039"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3c334cdfd94945b8edb94022a0371a8665b17366","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/510b21442c3a2e3ecc071ba3e666b320e7acdd61","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/61f162aa4381845acbdc7f2be4dfb694d027c018","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d872e7b5fe38f325f5206b6872746fa02c2b4819","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3c334cdfd94945b8edb94022a0371a8665b17366","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/510b21442c3a2e3ecc071ba3e666b320e7acdd61","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/61f162aa4381845acbdc7f2be4dfb694d027c018","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d872e7b5fe38f325f5206b6872746fa02c2b4819","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}