Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

A out-of-bounds read vulnerability was discovered in the NVMe-oF/TCP subsystem within the Linux kernel. This issue may allow a remote attacker to send a specially crafted TCP packet, triggering a heap-based buffer overflow. As a result, data from kmalloc will be printed, and it may also be leaked...

CVE-2026-31557

A flaw was found in the Linux kernel, specifically within the NVMe over Fabrics NVMe-oF target's nvmet and nvmetrdma modules. A local attacker could potentially trigger a recursive locking condition in the nvmet-wq workqueue during asynchronous event processing. This issue arises when nvmetctrlfr...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013040)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013040 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme-fc: use lock accessing portstate and rport state nvmefcunregisterremote removes the remote...

FreeBSD-SA-26:07.nvmf

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:07.nvmf Security Advisory The FreeBSD Project Topic: Remote denial of service via null pointer dereference Category: core Module: nvmf Announced: 2026-03-26...

DEBIAN-CVE-2026-23261

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: release admin tagset if init fails nvmefabrics creates an NVMe/FC controller in following path: nvmfdevwrite - nvmfcreatectrl - nvmefccreatectrl - nvmefcinitctrl nvmefcinitctrl allocates the admin blk-mq resources right...

CVE-2026-23261

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: release admin tagset if init fails nvmefabrics creates an NVMe/FC controller in following path: nvmfdevwrite - nvmfcreatectrl - nvmefccreatectrl - nvmefcinitctrl nvmefcinitctrl allocates the admin blk-mq resources right...

CVE-2026-23261

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: release admin tagset if init fails nvmefabrics creates an NVMe/FC controller in following path: nvmfdevwrite - nvmfcreatectrl - nvmefccreatectrl - nvmefcinitctrl nvmefcinitctrl allocates the admin blk-mq resources right...

CVE-2025-40342 nvme-fc: use lock accessing port_state and rport state

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: use lock accessing portstate and rport state nvmefcunregisterremote removes the remote port on a lport object at any point in time when there is no active association. This races with with the reconnect logic, because...

OESA-2025-2693 spdk security update

The Storage Performance Development Kit provides a set of tools and libraries for writing high performance, scalable, user-mode storage applications. Security Fixes: Storage Performance Development Kit SPDK 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK -...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use After Free (CVE-2023-5178)

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c in nvmettcpfreecrypto due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious local privileged user to cause a use-after-free and double-free problem, which may permit remote code...

OESA-2025-2525 spdk security update

The Storage Performance Development Kit provides a set of tools and libraries for writing high performance, scalable, user-mode storage applications. Security Fixes: Storage Performance Development Kit SPDK 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK -...

OESA-2025-2523 spdk security update

The Storage Performance Development Kit provides a set of tools and libraries for writing high performance, scalable, user-mode storage applications. Security Fixes: Storage Performance Development Kit SPDK 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK -...

EUVD-2025-32016

Malicious code in bioql PyPI...

SPDK is vulnerable to buffer overflow in the NVMe-oF target component

Storage Performance Development Kit SPDK 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK - lib/nvmf...

GHSA-5M5W-W2H2-FQGQ SPDK is vulnerable to buffer overflow in the NVMe-oF target component

Storage Performance Development Kit SPDK 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK - lib/nvmf...

CVE-2025-57275

Storage Performance Development Kit SPDK 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK - lib/nvmf...

CVE-2025-57275

CVE-2025-57275 affects Storage Performance Development Kit (SPDK) 25.05 and the NVMe-oF target component (lib/nvmf). The root cause is improper bounds handling leading to a Buffer Overflow. Documents describe potential buffer overflow that could crash or, per Veracode, enable arbitrary behavior. ...

CVE-2024-53102

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

kernel: nvme-fc: do not wait in vain when unloading module

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvmedeletectrl and idadestroy has bee...

UBUNTU-CVE-2024-46737

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix kernel crash if commands allocation fails If the commands allocation fails in nvmettcpalloccmds the kernel crashes in nvmettcpreleasequeuework because of a NULL pointer dereference. nvmet: failed to install queue 0...