Linux Kernel SCSI PM8001 Tag Leak Vulnerability

Vulnerability

A vulnerability in the Linux kernel's SCSI PM8001 driver has been addressed, concerning improper management of tags during error handling. In several functions, including 'pm8001_chip_set_dev_state_req()' and 'pm8001_chip_fw_flash_update_req()', the driver failed to release allocated tags when command building encountered errors. This oversight could lead to resource leaks. Additionally, the 'pm8001_exec_internal_task_abort()' function was corrected to free tags associated with abort requests when the chip's task abort method failed.

Impact

The vulnerability could cause memory leaks by failing to release allocated tags, potentially leading to degraded system performance or resource exhaustion.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel SCSI PM8001 Tag Leak Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating