73 matches found
CVE-2026-53186
A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA SCSI RDMA Protocol SRP component. A malicious or compromised SRP target on the InfiniBand/RoCE fabric can exploit this vulnerability by sending a specially crafted SRP response with an excessively large data length. This can...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: scsi: core: There is a race condition where the error handler is only awakened when the last running command completes or times out. The order of execution of marking commands—either completed or failed—is not properly ordered...
USN-8412-1 qemu vulnerabilities
Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that the iSCSI block driver in QEMU incorrectly handled certain responses from an iSCSI server. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent lpfcdebugfslockstatwrite buffer overflow A static code analysis tool identified the possibility of buffer overflow when using copyfromuser for a debugfs entry. Currently, it is possible that copyfromuser copie...
Astra Linux – Vulnerability in Qemu
A NULL pointer dereference flaw was discovered in the SCSI emulation support of QEMU in versions prior to 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The greatest threat from this vulnerability is to system availability...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Freeing irq vectors in order for v3 HW If the driver probe fails to request the channel IRQ or fatal IRQ, the driver will free the IRQ vectors before freeing the IRQs in freeirq. This will cause a kernel BUG like...
CVE-2026-43054
In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: Drain commands in targetreset handler tcmlooptargetreset violates the SCSI EH contract: it returns SUCCESS without draining any in-flight commands. The SCSI EH documentation scsieh.rst requires that when a...
scsi: pm8001: Fix use-after-free in pm8001_queue_command()
...
EUVD-2026-15230
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix refcount leak for tagsetrefcnt This leak will cause a hang when tearing down the SCSI host. For example, iscsid hangs with the following call trace: 130120.652718 scsiallocsdev: Allocation failure during SCSI...
scsi: qla2xxx: Fix bsg_done() causing double free
...
SUSE CVE-2025-71238
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsgdone causing double free Kernel panic observed on system, 5353358.825191 BUG: unable to handle page fault for address: ff5f5e897b024000 5353358.825194 PF: supervisor write access in kernel mode 5353358.82519...
SUSE CVE-2026-23110
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Wake up the error handler when final completions race against each other The fragile ordering between marking commands completed or failed so that the error handler only wakes when the last running command completes o...
ROS-20260205-73-0032
A vulnerability in the iscsi component of the Linux operating system kernel is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: st: Fixed an array overflow issue in stsetup. The array size is now adjusted to match the parameter size, rather than using a fixed value...
scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path"
...
CVE-2025-68782
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Reset ttaskcdb pointer in error case If allocation of cmd-ttaskcdb fails, it remains NULL but is later dereferenced in the 'err' path. In case of error, reset NULL ttaskcdb value to point at the default fixed-size...
CVE-2025-68371
CVE-2025-68371 relates to the Linux kernel SCSI smartpqi driver. A race between the abort handler that schedules a LUN reset and device removal via sdev_destroy() could cause the LUN reset to run after the device was removed, leading to use‑after‑free and access to freed resources. The fix, as do...
SUSE CVE-2025-68316
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix invalid probe error return value After DME Link Startup, the error return value is set to the MIPI UniPro GenericErrorCode which can be 0 SUCCESS or 1 FAILURE. Upon failure during driver probe, the error code...
EUVD-2025-203672
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a regression triggered by scsihostbusy Commit 995412e23bb2 "blk-mq: Replace tags-lock with SRCU for tag iterators" introduced the following regression: Call trace: srcureadlock+0x30/0x80 P...
EUVD-2023-59999
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmiencdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAXLEN + 1. If a string is actually MAXLEN + 1 length, this wil...