55 matches found
SUSE CVE-2026-43352
In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Correct RINGCTRLABORT handling in DMA dequeue The logic used to abort the DMA ring contains several flaws: 1. The driver unconditionally issues a ring abort even when the ring has already stopped. 2. The...
CVE-2026-43399
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix reference leak in amdgpuuserqwaitioctl Drop reference to syncobj and timeline fence when aborting the ioctl due output array being too small. cherry picked from commit 68951e9c3e6bb22396bc42ef2359751c8315dd2...
CVE-2026-43352
In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Correct RINGCTRLABORT handling in DMA dequeue The logic used to abort the DMA ring contains several flaws: 1. The driver unconditionally issues a ring abort even when the ring has already stopped. 2. The...
CVE-2026-43399
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix reference leak in amdgpuuserqwaitioctl Drop reference to syncobj and timeline fence when aborting the ioctl due output array being too small. cherry picked from commit 68951e9c3e6bb22396bc42ef2359751c8315dd2...
UBUNTU-CVE-2026-43352
In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Correct RINGCTRLABORT handling in DMA dequeue The logic used to abort the DMA ring contains several flaws: 1. The driver unconditionally issues a ring abort even when the ring has already stopped. 2. The...
CVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue
In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Correct RINGCTRLABORT handling in DMA dequeue The logic used to abort the DMA ring contains several flaws: 1. The driver unconditionally issues a ring abort even when the ring has already stopped. 2. The...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Do not call scsidone from srpabort After scmdehaborthandler calls the SCSI LLD ehaborthandler callback, it performs one of the following actions: Calls scsiqueueinsert. Calls scsifinishcommand. Calls scsiehscmdadd...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improved SCSI abort handling The following issue was observed in a test setup: WARNING: CPU: 4, PID: 250: At drivers/scsi/ufs/ufshcd.c, line 2737: ufshcdqueuecommand+0x468/0x65c. Call trace:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fixed the issue where iscsitask was used after freeing it. The commit d39df158518c “scsi: iscsi: Have abort handler get ref to conn” added calls to iscsigetconn/iscsiputconn during abort handling. However, it also...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-6.1, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Added TMF to tmrlist handling An abort that is responded to by iSCSI itself is added to tmrlist, but it does not go to the target core. A LUNRESET that goes through tmrlist takes a refcounter on the abort and...
kernel: usb: xhci: Fix NULL pointer dereference on certain command aborts
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix NULL pointer dereference on certain command aborts If a command is queued to the final usable TRB of a ring segment, the enqueue pointer is advanced to the subsequent link TRB and no further. If the command is late...
DEBIAN-CVE-2023-53701
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: deactivate anonymous set from preparation phase backport for 4.14 of c1592a89942e9678f7d9c8030efa777c0d57edab Toggle deleted anonymous sets as inactive in the next generation, so users cannot perform any upda...
EUVD-2023-60022
In the Linux kernel, the following vulnerability has been resolved: mm/vmemmap/devdax: fix kernel crash when probing devdax devices commit 4917f55b4ef9 "mm/sparse-vmemmap: improve memory savings for compound devmaps" added support for using optimized vmmemap for devdax devices. But how vmemmap...
EUVD-2025-34606
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput doesn't actually call fileoperations release synchronously, it puts the file on a work queue and it will be released eventually. This is normally fine, except for iommufd t...
CVE-2025-39966
CVE-2025-39966 (Linux kernel, iommufd) : A race during abort for file descriptors could cause a use-after-free when the object is freed while a file’s private_data references it. The bug arises because fput() defers release() to a workqueue; ifAbort allocation fails before installing the file, th...
CVE-2025-39966 iommufd: Fix race during abort for file descriptors
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput doesn't actually call fileoperations release synchronously, it puts the file on a work queue and it will be released eventually. This is normally fine, except for iommufd t...
SUSE CVE-2023-53586
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix multiple LUNRESET handling This fixes a bug where an initiator thinks a LUNRESET has cleaned up running commands when it hasn't. The bug was added in commit 51ec502a3266 "target: Delete tmr from list before...
CVE-2023-53586 scsi: target: Fix multiple LUN_RESET handling
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix multiple LUNRESET handling This fixes a bug where an initiator thinks a LUNRESET has cleaned up running commands when it hasn't. The bug was added in commit 51ec502a3266 "target: Delete tmr from list before...
EUVD-2024-54046
Malicious code in bioql PyPI...
CVE-2023-53228 drm/amdgpu: drop redundant sched job cleanup when cs is aborted
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: drop redundant sched job cleanup when cs is aborted Once command submission failed due to userptr invalidation in amdgpucssubmit, legacy code will perform cleanup of scheduler job. However, it's not needed at all, as...