1756 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nvme: fixed the SRCU protection for the nvmenshead list The process of walking the nvmenshead siblings list is protected by the head’s srcu in nvmensheadsubmitbio, but not in nvmempathrevalidatePaths. Removing namespaces from...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nvme-pci: fixed the mempool allocation size. The maximum size was converted to bytes to match the units of the divisor that calculates the worst-case number of PRP entries. This result is used to determine how many PRP Lists a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nvme-pci: Handling of changes to the device’s DMA map requirements. The initial state of dmaneedsunmap might be false, but it becomes true during the DMA mapping process. Enabling swiotlb can affect the outcome in such cases...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: nvme-tcp: fixed UAF Use-after-Free issues when detecting digest errors. We should also exit the iowork loop when setting rdenabled to true, so that we do not attempt to read data from the socket when the TCP stream is already...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fixed the DMA-API call trace for NVMe LS requests. The following message and call trace were observed with debug kernels: DMA-API: qla2xxx 0000:41:00.0: The device driver failed to check the map error device...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: PCI: Fixed the requirement that devices managed by PME polling must be in the RPMACTIVE state. The fix notes that devices managed by runtime PM need to be in the RPMACTIVE state for PME polling. In fact, only devices in low-power...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A flaw was discovered in the Linux kernel’s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packets when using NVMe over TCP. This can lead to the NVMe driver dereferencing a NULL pointer, resulting in kernel panic and a denial of service...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A flaw was discovered in the Linux kernel’s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packets when using NVMe over TCP. This can lead to the NVMe driver dereferencing a NULL pointer, resulting in kernel panic and a denial of service...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Null pointer dereferencing has been prevented in nvmefciogetuuid. The nvmefcfcpop structure, which describes an AEN operation, is initialized with a null pointer to the request structure. An FC LLDD may make a call to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: fscrypt: fixed an underflow issue during left shift when inode-iblkbits PAGESHIFT When simulating an nvme device on qemu with both logicalblocksize and physicalblocksize set to 8 KiB, an error trace appears during partition...
Astra Linux – Vulnerability in Qemu
A issue was discovered in QEMU versions 7.1.0 through 8.2.1. In hw/pci/pciesriov.c, the registervfs function does not set NumVFs to PCISRIOVTOTALVF, resulting in improper interaction with hw/nvme/ctrl.c...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A out-of-bounds read vulnerability was discovered in the NVMe-oF/TCP subsystem within the Linux kernel. This issue may allow a remote attacker to send a specially crafted TCP packet, triggering a heap-based buffer overflow. As a result, data from kmalloc will be printed, and it may also be leaked...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Do not wait in vain when unloading the module. There is a race condition in the module exit path, where the process tries to delete all controllers and free up the “leftover IDs”. To prevent double-freeing of resources, ...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nvme: fixed a possible use-after-free in controller reset during load Unlike .queuerq, in .submitasyncevent, drivers may not check the ctrl readiness for AER submission. This may lead to a use-after-free condition, which was...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fixed a possible use-after-free in the transport errorrecovery process. While nvmerdmasubmitasynceventwork checks the ctrl and queue states before preparing the AER command and scheduling iowork, this check is necessar...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: nvme-core: fixed the devpmqos memory leak Called devpmqoshidelatencytolerance in the error unwinding patch to avoid the kmemleak issue: blktests master kmemleak-clear; ./check nvme/044; blktests master kmemleak-scan ;...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nvme-tcp: fixed a possible use-after-free issue in the transport errorrecovery mechanism. While nvmetcpsubmitasynceventwork checks the ctrl and queue states before preparing the AER command and scheduling iowork, this check is...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Unused nvmelswaitq wait queue has been removed. A system crash occurs when qla2x00startspsp returns an error code EGAIN, and the wakeup function is called for an uninitialized wait queue sp-nvmelswaitq. - qla2xx...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nvme-multipath: fixed the suspicious RCU usage warning When I run the NVME over TCP test in virtme-ng, I receive the following “suspicious RCU usage” warning in nvmempathaddsysfslink: ''' 5.024557 T44 nvmet: Created nvm...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nvme: fixed memory allocation in nvmeprreadkeys nvmeprreadkeys takes numkeys from userspace and uses it to calculate the allocation size for rse via structsize. The upper limit is PRKEYSMAX 64K. A malicious or buggy userspace...