Linux Kernel SCSI PM8001 Task Leak Vulnerability

Vulnerability

A vulnerability in the Linux kernel's SCSI PM8001 driver has been addressed, which involved a task leak in the 'pm8001_send_abort_all()' function. The issue arose because the function failed to properly free allocated SAS tasks when 'pm8001_tag_alloc()' or 'pm8001_mpi_build_cmd()' encountered errors.

Impact

Exploitation of this vulnerability could lead to a memory leak, where allocated SAS tasks are not properly released, potentially causing increased memory usage and degradation of system performance over time.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel SCSI PM8001 Task Leak Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating