{"id":"CVE-2022-48792","summary":"scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task\n\nCurrently a use-after-free may occur if a sas_task is aborted by the upper\nlayer before we handle the I/O completion in mpi_ssp_completion() or\nmpi_sata_completion().\n\nIn this case, the following are the two steps in handling those I/O\ncompletions:\n\n - Call complete() to inform the upper layer handler of completion of\n   the I/O.\n\n - Release driver resources associated with the sas_task in\n   pm8001_ccb_task_free() call.\n\nWhen complete() is called, the upper layer may free the sas_task. As such,\nwe should not touch the associated sas_task afterwards, but we do so in the\npm8001_ccb_task_free() call.\n\nFix by swapping the complete() and pm8001_ccb_task_free() calls ordering.","modified":"2026-04-02T08:27:00.970323Z","published":"2024-07-16T11:43:48.026Z","related":["SUSE-SU-2024:2892-1","SUSE-SU-2024:2893-1","SUSE-SU-2024:2894-1","SUSE-SU-2024:2901-1","SUSE-SU-2024:2902-1","SUSE-SU-2024:2923-1","SUSE-SU-2024:2929-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2940-1","SUSE-SU-2024:2947-1","SUSE-SU-2024:2948-1","SUSE-SU-2025:0892-1","SUSE-SU-2025:0893-1","SUSE-SU-2025:0898-1","SUSE-SU-2025:0904-1","SUSE-SU-2025:0908-1","SUSE-SU-2025:0942-1","SUSE-SU-2025:0943-1","SUSE-SU-2025:0944-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48792.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/d9d93f32534a0a80a1c26bdb0746d90a7b19c2c2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/df7abcaa1246e2537ab4016077b5443bb3c09378"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f61f9fccb2cb4bb275674a79d638704db6bc2171"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fe9ac3eaa2e387a5742b380b73a5a6bc237bf184"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48792.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48792"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"869ddbdcae3b4fb83b99889abae31544c149b210"},{"fixed":"fe9ac3eaa2e387a5742b380b73a5a6bc237bf184"},{"fixed":"d9d93f32534a0a80a1c26bdb0746d90a7b19c2c2"},{"fixed":"f61f9fccb2cb4bb275674a79d638704db6bc2171"},{"fixed":"df7abcaa1246e2537ab4016077b5443bb3c09378"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48792.json"}}],"schema_version":"1.7.5"}