CVE-2026-45977

A flaw was found in the Linux kernel's fbnic Fibre Channel over Ethernet Network Interface Card driver. A race condition exists in the handling of firmware logs, where the log can be freed while still being accessed. This can lead to a use-after-free vulnerability, potentially allowing an attacke...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: ibmvfc: Queue resources are only allocated/free during probe/remove operations. Currently, sub-queues and event pool resources are allocated/free for every CRQ connection event, such as reset and LPM. This exposes the...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Add a check for a null pointer when cleaning up the lpfcvport structure. If a call to lpfcsli4readrev from lpfcsli4hbasetup fails, the resulting cleanup routine lpfcsli4vportdeletefcpxriaborted may occur before the...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: Reverted “scsi: fcoe: Fix potential deadlock on &fip-ctlrlock”. This reversion involves commit 1a1975551943f681772720f639ff42fbaa746212. This commit caused interrupts for FCoE devices to be lost, as it changed the sping loc...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qedf: Add stagwork to all the vports A call trace was observed when creating NPIV ports. Only 32 out of 64 ports are online. The stagwork was not initialized for the vports; therefore, it needs to be initialized. Warning...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Release the hbalock before calling lpfcworkerwakeup. The lpfcworkerwakeup function calls the lpfcworkdone routine, which takes the hbalock. Therefore, lpfcworkerwakeup should not be called while holding the hbalock to...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: nvmet: The cqe.result field must always be initialized. The specification does not require that the first two double-word fields also known as “results” for a command queue entry need to be set to 0 when they are not used this is...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure that the DAID handling is completed before deleting an NPIV instance. Deleting an NPIV instance requires that all fabric ndlps be released before NPIV’s resources can be destroyed. Failure to release the fabric...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix handling of virtual Fibre Channel timeouts Hyper-V provides the ability to connect Fibre Channel LUNs to the host system and present them as SCSI devices in a guest VM. I/O to the vFC device is handled by the...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoiding deadlock on the delete association path When deleting an association, the shutdown path experiences a deadlock condition because we try to flush the nvmetwq nested. This issue can be avoided by delaying the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: The issue of double-free of the fcport has been completely fixed. In the function qla24xxelsdcmdiocb, sp-free is set to qla2x00elsdcmdspfree. When an error occurs, this function is called by qla2x00sprelease. Durin...

CVE-2026-43414

A flaw was found in the Linux kernel's qla2xxx SCSI driver. An issue exists where a Fibre Channel port fcport object can be freed twice due to an error in the qla2x00elsdcmdspfree function. This double free vulnerability can lead to memory corruption, potentially causing system instability or a...

CVE-2026-43414

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely fix fcport double free In qla24xxelsdcmdiocb sp-free is set to qla2x00elsdcmdspfree. When an error happens, this function is called by qla2x00sprelease, when krefput releases the first and the last...

Linux Distros Unpatched Vulnerability : CVE-2026-43414

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: qla2xxx: Completely fix fcport double free In qla24xxelsdcmdiocb sp-free is set to qla2x00elsdcmdspfree. When an error happens, this function is called by...

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fixed the buffer release/clearing order in the deferred receive path. A use-after-free condition was addressed by correcting the buffer release sequence in the deferred receive path. The code first releases the RQ...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: The BUGON flag has been removed when the event pool is empty. In practice, the driver should never send more commands than are allocated to the event pool. If this happens, the code will assert the BUGON flag. In th...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: lpfc: Fixed a resource leak in lpfcsli4sendseqtoulp. If no handler is found in lpfccompleteunsoliocb that matches the rctl of a received frame, the frame is discarded, and resources may be leaked. This issue was fixed by...

EUVD-2026-26319

FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()

...

CVE-2026-31464

A flaw was found in the Linux kernel's scsi: ibmvfc driver. A malicious or compromised Virtual I/O VIO server can exploit this by sending a crafted response during target discovery. This response can cause an out-of-bounds memory access, leading to the disclosure of sensitive kernel memory...