Memory leak in the sassmpgetphyevents function in drivers/scsi/libsas/sasexpander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sasphy directory, as demonstrated by the /sys/class/sasphy/phy-1:0:12/invaliddword_count file.