EulerOS Virtualization 2.12.1 : kernel (EulerOS-SA-2026-2077)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : netfilter: ctnetlink: remove refcounting in expectation dumpersCVE-2025-39764 nvme: nvme-fc: Ensure -ioerrwork is cancelled in...

SUSE CVE-2026-46149

In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf return in tgptgpmembersshow targettgptgpmembersshow formats LUN paths with snprintf into a 256-byte stack buffer, then will memcpy curlen bytes from that buffer. snprintf returns the length...

Linux Distros Unpatched Vulnerability : CVE-2026-46149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: target: configfs: Bound snprintf return in tgptgpmembersshow targettgptgpmembersshow formats LUN paths with snprintf into a 256-byte stack buffer, then wi...

CVE-2026-46149

A flaw was found in the Linux kernel's SCSI target subsystem. This vulnerability, a buffer overflow, occurs in the tgptgpmembersshow function when processing long iSCSI IQN names. An attacker could potentially exploit this by providing a specially crafted input, leading to the disclosure of...

CVE-2026-46149

In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf return in tgptgpmembersshow targettgptgpmembersshow formats LUN paths with snprintf into a 256-byte stack buffer, then will memcpy curlen bytes from that buffer. snprintf returns the length...

UBUNTU-CVE-2026-46149

In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf return in tgptgpmembersshow targettgptgpmembersshow formats LUN paths with snprintf into a 256-byte stack buffer, then will memcpy curlen bytes from that buffer. snprintf returns the length...

EUVD-2026-32776

In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf return in tgptgpmembersshow targettgptgpmembersshow formats LUN paths with snprintf into a 256-byte stack buffer, then will memcpy curlen bytes from that buffer. snprintf returns the length...

CVE-2026-46149 scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()

In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf return in tgptgpmembersshow targettgptgpmembersshow formats LUN paths with snprintf into a 256-byte stack buffer, then will memcpy curlen bytes from that buffer. snprintf returns the length...

CVE-2026-46149

In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf return in tgptgpmembersshow targettgptgpmembersshow formats LUN paths with snprintf into a 256-byte stack buffer, then will memcpy curlen bytes from that buffer. snprintf returns the length...

CVE-2026-46149

Summary: CVE-2026-46149 affects the Linux kernel SCSI target subsystem, specifically the configfs path in tg_pt_gp_members_show(). The function formats LUN paths with snprintf() into a 256-byte stack buffer and then copies cur_len bytes via memcpy(), but snprintf() may return a length that exceed...

PT-2026-44272

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer overflow occurs in the target tg pt gp members show function when formatting LUN paths using snprintf into a 256-byte stack buffer. Because iSCSI IQN names can reach 223 bytes,...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50275)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50275 advisory. - xfrm: esp: ipv4: fix up flags setting Greg Kroah-Hartman Orabug: 39368252 CVE-2026-43284 - xfrm: esp: avoid in-place decrypt on shared skb frags...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzallocflex for aiocmd The targetcorefile does not initialize the aiocmd-iocb for the kiwritestream. When the writecommand fdexecuterwaio is executed, we may receive an invalid value for kiwritestream,...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: target: iscsi: Fixed a timeout issue related to deleted connections. The NOPIN response timer may expire when a connection is deleted, potentially causing crashes with the following log messages: “Did not receive a...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsit: Commands from recovery entries are freed after a session is closed. This leads to a use-after-free error when freeing commands, or a NPE Non-Programmable Error. The call trace is as follows: Time2Retain time...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fixed a buffer overflow in the liotargetnaclinfoshow function. The function liotargetnaclinfoshow uses sprintf within a loop to print details for each iSCSI connection in a session, without checking the buffe...

Astra Linux - уязвимость в linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fixed the crash that occurred when using WRITESAME without a data buffer. In the newer versions of the SBC specifications, there’s a NDOB bit that indicates that there is no data buffer being written. If this bit is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: The “Drain commands” step in the targetreset handler is incorrect. The tcmlooptargetreset function violates the SCSI EH contract: it returns SUCCESS without draining any ongoing commands. The SCSI EH...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Resetting the ttaskcdb pointer in error cases If the allocation of cmd-ttaskcdb fails, it remains NULL, but it is later referenced in the ‘err’ path. In the event of an error, the NULL ttaskcdb value is reset to poi...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fixed the issue of NULL pointer dereferencing in corescsi3decodespeciport. The function corescsi3decodespeciport, during its error code path, corescsi3lunaclundependitem, passing the destsedeve pointer, which may be...