{"id":"CVE-2018-20836","details":"An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.","modified":"2026-04-02T00:59:34.562083Z","published":"2019-05-07T14:29:00.303Z","related":["SUSE-SU-2019:14127-1","SUSE-SU-2019:1823-1","SUSE-SU-2019:1823-2","SUSE-SU-2019:1829-1","SUSE-SU-2019:1851-1","SUSE-SU-2019:1852-1","SUSE-SU-2019:1854-1","SUSE-SU-2019:1855-1","SUSE-SU-2019:1870-1","SUSE-SU-2019:2069-1","SUSE-SU-2019:2430-1","SUSE-SU-2019:2450-1","SUSE-SU-2020:1084-1","SUSE-SU-2020:1118-1","SUSE-SU-2020:1142-1","openSUSE-SU-2019:1716-1","openSUSE-SU-2019:1757-1"],"references":[{"type":"ADVISORY","url":"https://support.f5.com/csp/article/K11225249"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4076-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4495"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2019/Aug/13"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2019/Aug/18"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190719-0003/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4497"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/108196"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html"},{"type":"FIX","url":"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae"},{"type":"FIX","url":"https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git","events":[{"introduced":"0"},{"fixed":"b90cd6f2b905905fb42671009dc0e27c310a16ae"}]},{"type":"GIT","repo":"https://github.com/torvalds/linux","events":[{"introduced":"0"},{"fixed":"8fe28cb58bcb235034b64cbbb7550a8a43fd88be"},{"fixed":"b90cd6f2b905905fb42671009dc0e27c310a16ae"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.20"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20836.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"3.16.72"}]},{"events":[{"introduced":"3.17"},{"fixed":"3.18.140"}]},{"events":[{"introduced":"3.19"},{"fixed":"4.4.180"}]},{"events":[{"introduced":"4.5"},{"fixed":"4.9.175"}]},{"events":[{"introduced":"4.10"},{"fixed":"4.14.118"}]},{"events":[{"introduced":"4.15"},{"fixed":"4.19.42"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"5.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"5.1.0"}]},{"events":[{"introduced":"9.5"}]},{"events":[{"introduced":"7.2"}]},{"events":[{"introduced":"7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}