RockyLinux 9 : kernel (RLSA-2026:27789)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27789 advisory. kernel: can: isotp: fix tx.buf use-after-free in isotpsendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished...

kernel: scsi: qla2xxx: Completely fix fcport double free

A flaw was found in the Linux kernel's qla2xxx SCSI driver. An issue exists where a Fibre Channel port fcport object can be freed twice due to an error in the qla2x00elsdcmdspfree function. This double free vulnerability can lead to memory corruption, potentially causing system instability or a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: A memory leak was fixed in the error path of qla2x00processels. The commit number is 8c0eb596baa5 “SCSI qla2xxx: Fix a memory leak in an error path of qla2x00processels”. The intended changes were to modify the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Implement a reference counter for SRB The timeout handler and the done function are competing with each other. When qla2x00asynciocbtimeout starts to execute, it may be preempted by the normal response path via the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: The payload size has been sanitized to prevent member overflow. In functions qla27xxcopyfpinpkt and qla27xxcopymultiplepkt, the framesize reported by the firmware is used to calculate the copy length for the...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Fixed premature hardware access after a PCI error After a recoverable PCI error is detected and resolved, the qla driver needs to check whether the error condition still exists and/or wait for the operating syst...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Complete command early within lock A crash was observed while performing NPIV and FW reset. BUG: Kernel NULL pointer dereference, address: 000000000000001c PF: Supervisor read access in kernel mode PF:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Avoid dereferencing the fcport pointer. Klocwork reported a warning that a NULL pointer might be dereferenced. The routine exits when saCTL is NULL and fcport is allocated after the exit call. This causes the NULL...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Synchronize the IOCB count to be in order A system hang was observed with the following call trace: BUG: Kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP NOPTI CPU: 15...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Fix scheduling while atomic The driver makes a call to the midlayer function fcremoteportdelete, which can put the thread in a sleep state. The thread that originates the call is in an interrupt context. The...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Suppressed a kernel complaint in qlacreateqpair 12.323788 BUG: Using smpprocessorid in preemptible 00000000 code: systemd-udevd/1020 12.332297 Caller is qla2xxxcreateqpair+0x32a/0x5d0 qla2xxx 12.338417 CPU: 7 PI...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Fixing the deletion race condition A system crash occurs when using the debug kernel due to corruption of the link list. The cause of the link list corruption is that session deletion was allowed to be queued...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fixed the DMA-API call trace for NVMe LS requests. The following message and call trace were observed with debug kernels: DMA-API: qla2xxx 0000:41:00.0: The device driver failed to check the map error device...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Validates nvmelocalport correctly The driver load failed with the following error message: qla2xxx 0000:04:00.0-ffff:0: registerlocalport failed: ret=ffffffef And there was a kernel crash: BUG: Unable to handle ...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Fix for possible memory corruption. The Init Control Block is being referenced incorrectly. It should be referenced correctly...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: A mistake of “one” was corrected in qlaedifappgetstats. The appreply-elem array is allocated earlier in this function, and it contains appreq.numports elements. Therefore, the comparison operator needs to be change...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Check whether the returned RPORT is valid. Klocwork reported a warning that the RPORT might be NULL and would be dereferenced. The RPORT returned by the call to fcbsgtorport could be NULL and would be dereferenced...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: Reverted “scsi: qla2xxx: Perform lockless command completion in abort path”. This revertment is associated with commit 0367076b0817d5c75dfb83001ce7ce5c64d803a9. The committed code added code to qla2x00abortallcmds to call...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Fixed a crash that occurred when I/O abort times out. During CPU hotplug, a crash was observed with the following stack: Call Trace: qla24xxprocessresponsequeue+0x42a/0x970 qla2xxx qla2x00startnvmemq+0x3a2/0x4b0...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Fixed the warning message caused by adisc being flushed. The Linux kernel triggered a warning message where a different error code type did not match the expected type. Added additional translations for one erro...