Linux Kernel PM8001 SCSI Driver Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the Linux kernel's PM8001 SCSI driver. Disabling the remote PHY for a SATA disk can lead to a system hang. This issue arises because the driver fails to properly account for internal abort commands, causing a per-device request counter to remain incremented and blocking progress. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability causes a system hang, with tasks being blocked for an extended period.

Reproduction

To reproduce this issue, disable the remote PHY for a SATA disk by writing '0' to the 'enable' file of the corresponding SAS PHY. This action will trigger a hang, as the SCSI cache synchronization fails and the disk stops responding, leading to a blocked task that can be observed in the system logs.

Remediation

No specific remediation is mentioned, but users can avoid the issue by not disabling the remote PHY for SATA disks.