| Vulnerability Name: | CVE-2018-10021 (CCN-141588) | ||||||||||||||||||||||||||||||||||||
| Assigned: | 2018-03-08 | ||||||||||||||||||||||||||||||||||||
| Published: | 2018-03-08 | ||||||||||||||||||||||||||||||||||||
| Updated: | 2019-10-03 | ||||||||||||||||||||||||||||||||||||
| Summary: | ** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. Note: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables. | ||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
| ||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-10021 Source: MISC Type: Vendor Advisory http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=318aaf34f1179b39fa9c30fa0f3288b645beee39 Source: CCN Type: IBM Security Bulletin 843434 (API Connect) IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018 Source: MISC Type: Issue Tracking, Third Party Advisory https://bugzilla.suse.com/show_bug.cgi?id=1089281 Source: XF Type: UNKNOWN linux-kernel-cve201810021-dos(141588) Source: CCN Type: Linux Kernel GIT Repository scsi: libsas: defer ata device eh commands to libata Source: MISC Type: Third Party Advisory https://github.com/torvalds/linux/commit/318aaf34f1179b39fa9c30fa0f3288b645beee39 Source: MLIST Type: UNKNOWN [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package Source: UBUNTU Type: UNKNOWN USN-3678-1 Source: UBUNTU Type: UNKNOWN USN-3678-2 Source: UBUNTU Type: UNKNOWN USN-3678-3 Source: UBUNTU Type: UNKNOWN USN-3678-4 Source: UBUNTU Type: UNKNOWN USN-3696-1 Source: UBUNTU Type: UNKNOWN USN-3696-2 Source: UBUNTU Type: UNKNOWN USN-3754-1 | ||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||