Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitize numphys Information is stored in mrsasport-phymask. Values that are larger than the size of this field should not be allowed...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Fixed premature hardware access after a PCI error After a recoverable PCI error is detected and resolved, the qla driver needs to check whether the error condition still exists and/or wait for the operating syst...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fixed null ndlp pointer dereferencing in an abnormal exit path for GFTID An error case resulting from exiting from lpfccmplctcmdgftid causes a call to lpfcnlpput, where a null pointer is used to reference the nodelist...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Wait for io return on terminate rport A system crash may occur due to using resources after they have been freed. The current code allows terminaterportio to exit before ensuring that all I/O operations have...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fixed the link-down processing to address the issue of NULL pointer dereferencing. If a FC link-down transition occurs while PLOGIs are outstanding and the fabric-known addresses are involved, outstanding ABTS request...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: SCSI: BFA: Double-free vulnerability fix When the bfadimprobe function fails during initialization, the memory pointed to by bfad-im is freed without setting bfad-im to NULL. Subsequently, during driver uninstallation, when the...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: During vport deletion, an explicit async logout operation is required. During vport deletion, it was observed that an crash occurred due to stale entries in the outstanding command array. For all these stale I/O...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fixed the sashba.phy memory leak in mpi3mrremove Released mrioc-sashba.phy at .remove...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check kzalloc in lpfcsli4cgnparamsread. If kzalloc fails in lpfcsli4cgnparamsread, then we rely on lpfcreadobject’s routine to perform a NULL check on pdata. Currently, an early return error is thrown from...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fixed a possible memory leak that occurred when failing to issue a CMF WQE. There is no corresponding free routine if lpfcsli4issuewqe fails to issue the CMF WQE in lpfcissuecmfsyncwqe. If retval is non-zero, then fre...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: fnic: Fixed a crash in fnicwqcmplhandler when FDMI times out. When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. Upon completion of the sending process, this leads to a...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: lpfc: Fixed the deadlock issue in the SCSI I/O completion and abort handling routines. During stress I/O tests with 500+ vports, hard lockup calls were observed. CPU A: - nativequeuedspinlockslowpath+0x192 -...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Use the number of bits to manage bitmap sizes. To allocate bitmaps, the mpi3mr driver calculates the sizes of bitmaps using bytes as the unit. However, bitmap helper functions assume that bitmaps are allocated using...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Fixed a crash that occurred when I/O abort times out. During CPU hotplug, a crash was observed with the following stack: Call Trace: qla24xxprocessresponsequeue+0x42a/0x970 qla2xxx qla2x00startnvmemq+0x3a2/0x4b0...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove the spinlockbh operation when releasing resources after uploading. Session resources are used by the firmware and driver when the session is offloaded. Once the session is uploaded, these resources are no...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: megaraidsas: A resource leak has been fixed in case of probe failures. The driver does not properly clean up all allocated resources when the scsiaddhost or megasasstartaen functions fail during the PCI device probe. All...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10, Linux-6.1

A race condition was detected in the Linux kernel’s scsi device driver, specifically in the lpfcunregisterfcfrescan function. This can lead to a null pointer dereferencing issue, potentially causing a kernel panic or a denial-of-service attack...

CVE-2026-46105

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Limit NVMe request size to 2 MiB The HBA firmware reports NVMe MDTS values based on the underlying drive capability. However, because the driver allocates a fixed 4K buffer for the PRP list, accommodating at most 5...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: ibmvfc: Queue resources are only allocated/free during probe/remove operations. Currently, sub-queues and event pool resources are allocated/free for every CRQ connection event, such as reset and LPM. This exposes the...

CVE-2026-43473

A flaw was found in the Linux kernel's mpi3mr SCSI driver. When the creation of reply or request queues fails, the driver may attempt to access and modify memory that has already been freed during cleanup. This can be exploited by a local user, leading to a system crash and a Denial of Service Do...