375 matches found
kernel: scsi: qla2xxx: Completely fix fcport double free
A flaw was found in the Linux kernel's qla2xxx SCSI driver. An issue exists where a Fibre Channel port fcport object can be freed twice due to an error in the qla2x00elsdcmdspfree function. This double free vulnerability can lead to memory corruption, potentially causing system instability or a...
kernel: scsi: qla2xxx: Completely fix fcport double free
A flaw was found in the Linux kernel's qla2xxx SCSI driver. An issue exists where a Fibre Channel port fcport object can be freed twice due to an error in the qla2x00elsdcmdspfree function. This double free vulnerability can lead to memory corruption, potentially causing system instability or a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure that the DAID handling is completed before deleting an NPIV instance. Deleting an NPIV instance requires that all fabric ndlps be released before the resources of the NPIV can be destroyed. Failure to release t...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: nvmet: The cqe.result field must always be initialized. The specification does not require that the first two double-word values i.e., the “results” for a command queue entry need to be set to 0 when they are not used this is not...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix handling of virtual Fibre Channel timeouts Hyper-V provides the ability to connect Fibre Channel LUNs to the host system and present them as SCSI devices in a guest VM. I/O to the vFC device is handled by the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: scsi: qedf: Add stagwork to all the vports A call trace was observed when creating NPIV ports. Only 32 out of 64 ports are shown as online. The stagwork was not initialized for the vports; therefore, it needs to be initialized...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoiding deadlock on the delete association path When deleting an association, the shutdown path experiences a deadlock condition because we try to flush the nvmetwq nested structure. This issue can be avoided by delayi...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: Reverted “scsi: fcoe: Fix potential deadlock on &fip-ctlrlock”. This revertment is associated with the commit 1a1975551943f681772720f639ff42fbaa746212. This commit causes interrupts to be lost for FCoE devices, as it change...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Release the hbalock before calling lpfcworkerwakeup. The lpfcworkerwakeup function calls the lpfcworkdone routine, which requires holding the hbalock. Therefore, lpfcworkerwakeup should not be called while holding the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Add a check for a null pointer when cleaning up the lpfcvport structure. If a call to lpfcsli4readrev from lpfcsli4hbasetup fails, the resulting cleanup routine lpfcsli4vportdeletefcpxriaborted may occur before the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: The issue of double-free of the fcport has been completely fixed. In the function qla24xxelsdcmdiocb, sp-free is set to qla2x00elsdcmdspfree. When an error occurs, this function is called by qla2x00sprelease, where...
CVE-2026-45977
A flaw was found in the Linux kernel's fbnic Fibre Channel over Ethernet Network Interface Card driver. A race condition exists in the handling of firmware logs, where the log can be freed while still being accessed. This can lead to a use-after-free vulnerability, potentially allowing an attacke...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: The BUGON flag has been removed when the event pool is empty. In practice, the driver should never send more commands than are allocated to the event pool. If this happens, the code will assert the BUGON flag. In th...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: scsi: ibmvfc: Queue resources are only allocated/free during probe/remove operations. Currently, sub-queues and event pool resources are allocated/free for every CRQ connection event, such as reset and LPM. This exposes the...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fixed a resource leak in lpfcsli4sendseqtoulp If no handler is found in lpfccompleteunsoliocb that matches the received frame’s RCTL, the frame is discarded, and resources may be leaked. This issue was fixed by...
CVE-2026-43414
A flaw was found in the Linux kernel's qla2xxx SCSI driver. An issue exists where a Fibre Channel port fcport object can be freed twice due to an error in the qla2x00elsdcmdspfree function. This double free vulnerability can lead to memory corruption, potentially causing system instability or a...
CVE-2026-43414
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely fix fcport double free In qla24xxelsdcmdiocb sp-free is set to qla2x00elsdcmdspfree. When an error happens, this function is called by qla2x00sprelease, when krefput releases the first and the last...
Linux Distros Unpatched Vulnerability : CVE-2026-43414
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: qla2xxx: Completely fix fcport double free In qla24xxelsdcmdiocb sp-free is set to qla2x00elsdcmdspfree. When an error happens, this function is called by...
EUVD-2026-26319
FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...
scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()
...