Lucene search
K

56 matches found

Microsoft CVE
Microsoft CVE
added 2026/06/27 8:16 a.m.7 views

RDMA/srp: bound SRP_RSP sense copy by the received length

...

9.1CVSS5.8AI score0.00544EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51915

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the SCSI target core component. The sbc execute unmap function verifies that the Logical Block Address LBA plus the range does not exceed the device capacit...

6AI score0.00176EPSS
Exploits0References17
Microsoft CVE
Microsoft CVE
added 2026/06/17 8:2 a.m.8 views

Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling

...

6.7CVSS5.8AI score0.00121EPSS
Exploits0
NVD
NVD
added 2026/06/12 10:16 a.m.14 views

CVE-2026-48914

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

6.7CVSS0.00121EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 9:42 a.m.18 views

CVE-2026-48914 Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

6.7CVSS5.3AI score0.00121EPSS
Exploits0References3
CVE
CVE
added 2026/05/28 9:35 a.m.20 views

CVE-2026-46105

CVE-2026-46105 affects the Linux kernel mpt3sas SCSI driver. The driver allocates a fixed 4K PRP list buffer, which caps the maximum NVMe I/O transfer size at 2 MiB. The HBA firmware reports NVMe MDTS, but the mismatch with the 2 MiB limit can lead to oversized I/O requests and potentially a kern...

7.8CVSS5.9AI score0.00127EPSS
Exploits0References3Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Fix UAF during logout when accessing the shost ipaddress Bug report and analysis from Ding Hui. During iSCSI session logout, if another task accesses the shost ipaddress attr, we can get a KASAN UAF report like...

7.8CVSS6.3AI score0.00254EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Do not call scsidone from srpabort After scmdehaborthandler calls the SCSI LLD ehaborthandler callback, it performs one of the following actions: Calls scsiqueueinsert. Calls scsifinishcommand. Calls scsiehscmdadd...

7.8CVSS5.9AI score0.0023EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex items In the function qla2xxxprocesspurlsiocb, an item is allocated via qla27xxcopymultiplepkt, which internally calls qla24xxallocpurexitem. The qla24xxallocpurexitem function may...

6.1AI score0.00171EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: A use-after-free issue was addressed for aborted SSP/STP SAS tasks. Currently, a use-after-free may occur if a SAS task is aborted by the upper layer before we handle the I/O completion in mpisspcompletion or...

7.8CVSS6.2AI score0.00238EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: pm8001: Fix tag leaks on error In functions like pm8001chipsetdevstatereq, pm8001chipfwflashupdatereq, pm80xxchipPhyCTLreq, and pm8001chipregdevreq, missing calls to pm8001tagfree have been added to free the allocated ta...

5.5CVSS6.3AI score0.00252EPSS
Exploits0References2
NVD
NVD
added 2026/05/08 3:16 p.m.10 views

CVE-2026-43414

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely fix fcport double free In qla24xxelsdcmdiocb sp-free is set to qla2x00elsdcmdspfree. When an error happens, this function is called by qla2x00sprelease, when krefput releases the first and the last...

9.8CVSS0.0038EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/06 1:41 p.m.10 views

kernel: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...

7.8CVSS5.7AI score0.00262EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-37615

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the UFS core driver when the runtime power management level is set to UFS PM LVL 0. In this state, the device power mode and link state remain active, but the...

4.7CVSS5.4AI score0.00091EPSS
Exploits0
NVD
NVD
added 2026/03/25 11:16 a.m.4 views

CVE-2026-23306

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free in pm8001queuecommand Commit e29c47fe8946 "scsi: pm8001: Simplify pm8001taskexec" refactors pm8001queuecommand, however it introduces a potential cause of a double free scenario when it changes th...

7.8CVSS0.00126EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/25 12:28 a.m.7 views

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.8CVSS6.7AI score0.00519EPSS
Exploits3References13
OSV
OSV
added 2026/01/20 2:6 p.m.9 views

SUSE-SU-2026:0188-1 Security update for the Linux Kernel (Live Patch 31 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.124 fixes various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpifetchacpidev return value bsc1254451. - CVE-2022-50490: bpf: Propagate error from htablockbucket to...

7.8CVSS6.8AI score0.00193EPSS
Exploits0References11
SUSE Linux
SUSE Linux
added 2026/01/19 12:8 p.m.4 views

Security update for the Linux Kernel (Live Patch 63 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.237 fixes various security issues The following security issues were fixed: CVE-2022-50233: bluetooth: device name can cause reading kernel memory by not supplying terminal \0 bsc1249242. CVE-2022-50327: ACPI: processor: idle: Check...

9.2CVSS7.9AI score0.00206EPSS
Exploits0References36
OSV
OSV
added 2025/12/30 12:11 p.m.18 views

CVE-2023-54234 scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix missing mrioc-evtackcmds initialization Commit c1af985d27da "scsi: mpi3mr: Add Event acknowledgment logic" introduced an array mrioc-evtackcmds but initialization of the array elements was missed. They are just...

6.4AI score0.00166EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2025/12/30 12:11 p.m.4 views

CVE-2023-54234

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix missing mrioc-evtackcmds initialization Commit c1af985d27da "scsi: mpi3mr: Add Event acknowledgment logic" introduced an array mrioc-evtackcmds but initialization of the array elements was missed. They are just...

5.2AI score0.00166EPSS
Exploits0
Rows per page
Query Builder