476 matches found
Oracle Linux 9 : kernel (ELSA-2026-27789)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-27789 advisory. - net/sched: fix pedit partial COW leading to page cache corruption Ivan Vecera RHEL-177392 CVE-2026-46331 - scsi: qla2xxx: Completely fix fcport doub...
Linux Distros Unpatched Vulnerability : CVE-2026-52989
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvmet-tcp: propagate nvmettcpbuildpduiovec errors to its callers Currently, when nvmettcpbuildpduiovec detects an out-of-bounds PDU length or offset, it trigger...
EUVD-2026-38857
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmettcpbuildpduiovec errors to its callers Currently, when nvmettcpbuildpduiovec detects an out-of-bounds PDU length or offset, it triggers nvmettcpfatalerrorcmd-queue and returns early. However, because the...
CVE-2026-52989
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmettcpbuildpduiovec errors to its callers Currently, when nvmettcpbuildpduiovec detects an out-of-bounds PDU length or offset, it triggers nvmettcpfatalerrorcmd-queue and returns early. However, because the...
CVE-2026-52989
CVE-2026-52989 affects the Linux kernel nvmet-tcp component. The root cause is that nvmet_tcp_build_pdu_iovec() detects out-of-bounds PDU length/offset but does not propagate the error to callers; it returns void and triggers nvmet_tcp_fatal_error(cmd->queue) without alerting the caller, leavi...
CVE-2026-52989 nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmettcpbuildpduiovec errors to its callers Currently, when nvmettcpbuildpduiovec detects an out-of-bounds PDU length or offset, it triggers nvmettcpfatalerrorcmd-queue and returns early. However, because the...
kernel security, bug fix, and enhancement update
An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...
RockyLinux 8 : kernel (RLSA-2026:27353)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27353 advisory. kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel: drm/amd/display: Do not skip unrelated mode...
Oracle Linux 8 : kernel (ELSA-2026-27353)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-27353 advisory. - net/sched: fix pedit partial COW leading to page cache corruption Ivan Vecera RHEL-177582 CVE-2026-46331 - net/sched: actpedit: free pedit keys on...
AlmaLinux 8 : kernel-rt (ALSA-2026:27354)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:27354 advisory. kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel: drm/amd/display: Do not skip unrelated mode...
AlmaLinux 8 : kernel (ALSA-2026:27353)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:27353 advisory. kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel: drm/amd/display: Do not skip unrelated mode...
RockyLinux 8 : kernel-rt (RLSA-2026:27354)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27354 advisory. kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel: drm/amd/display: Do not skip unrelated mode...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: Avoid scheduling the deletion of associations twice. When forcibly shutting down a port via the configfs interface, nvmetportsubsysdroplink first calls nvmetportdelctrls, and then nvmetdisableport. Both functions will...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Do not restore null skstatechange. queue-statechange is set as part of nvmettcpsetqueuesock, but if the TCP connection is not established when nvmettcpsetqueuesock is called, then queue-statechange is not set, and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nvmet: moving async event work off nvmet-wq For the target function nvmetctrlfree, the variable ctrl-asynceventwork is flushed. If nvmetctrlfree runs on nvmet-wq, the flush re-enters the workqueue completion for the same worker. ...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A use-after-free vulnerability was discovered in the drivers/nvme/target/tcp.c file, specifically in the nvmettcpfreecrypto function. This issue stems from a logical error in the NVMe/TCP subsystem of the Linux kernel. This vulnerability may allow a malicious user to exploit the situation,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: A hang issue has been fixed in nvmettcplistendataready. When the socket is closed while in the TCPLISTEN state, a callback is executed to flush all outstanding packets. This execution then calls nvmettcplistendataready...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: nvmet: The cqe.result field must always be initialized. The specification does not require that the first two double-word values i.e., the “results” for a command queue entry need to be set to 0 when they are not used this is not...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: nvmet: A possible leak has been fixed when destroying a ctrl during qp establishment. In nvmetsqdestroy, we capture sq-ctrl early. If it is not NULL, we know that a ctrl was allocated during the admin connect request handling. We...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: objtool, nvmet: Fixed an out-of-bounds stack access in nvmetctrlstateshow. The cstsstatenames array contains only six sparse entries, but the iteration code in nvmetctrlstateshow iterates seven times, leading to a potential...