CVE-2026-23306

A flaw was found in the Linux kernel, specifically within the pm8001 SCSI driver and the libsas library. An incorrect return value in the pm8001queuecommand function, when a physical device is down or gone, can lead to a double free vulnerability. This occurs because the function frees a Serial...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003513)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003513 advisory. Memory leak in the sassmpgetphyevents function in drivers/scsi/libsas/sasexpander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of servic...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002579)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002579 advisory. The Serial Attached SCSI SAS implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of servic...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs The driver, through the SAS transport, exposes a sysfs interface to enable/disable PHYs in a controller/expander setup. When multiple PHYs are disabled and...

CVE-2023-53126

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix sashba.phy memory leak in mpi3mrremove Free mrioc-sashba.phy at .remove...

CVE-2023-53124

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix NULL pointer access in mpt3sastransportportadd Port is allocated by sasportallocnum and rphy is allocated by either sasenddevicealloc or sasexpanderalloc, all of which may return NULL. So we need to check the...

UBUNTU-CVE-2024-56589

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Add condresched for no forced preemption model For no forced preemption model kernel, in the scenario where the expander is connected to 12 high performance SAS SSDs, the following call trace may occur: 214.409199...

SUSE CVE-2017-18232

The Serial Attached SCSI SAS implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service deadlock by triggering certain error-handling code...

SUSE CVE-2019-15807

In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sasexpander.c when SAS expander discovery fails. This will cause a BUG and denial of service...

USN-4163-2: Linux kernel (Xenial HWE) vulnerabilities

USN-4163-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. It was discovered that a race condition existed in the ARC EMAC ethernet driver for th...

Debian DLA-1884-1 : linux security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-18509 Denis Andzakovic reported a missing type check in the IPv4 multicast routing implementation. A user with the CAPNETADMIN capability in a...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4076-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4076-1 advisory. It was discovered that a race condition existed in the Serial Attached SCSI SAS implementation in the Linux kernel. A local attacker could possibly use...

kernel: Mishandling mutex within libsas allowing local Denial of Service

The Serial Attached SCSI SAS implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service deadlock by triggering certain error-handling code...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3696-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3696-1 advisory. It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of servic...

Ubuntu: Security Advisory (USN-3678-4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 18.04 LTS : Linux kernel (Azure) vulnerabilities (USN-3678-3)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3678-3 advisory. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker...

Ubuntu: Security Advisory (USN-3678-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3678-3: Linux kernel (Azure) vulnerabilities

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service system crash when mounted. CVE-2018-1092 It was discovere...

USN-3678-2 linux-azure vulnerabilities

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service system crash when mounted. CVE-2018-1092 It was discovere...

USN-3678-2: Linux kernel (Azure) vulnerabilities

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service system crash when mounted. CVE-2018-1092 It was discovere...