57 matches found
UBUNTU-CVE-2024-41054
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix ufshcd_clear_cmd racing issue When ufshcd_clear_cmd is racing with the completion ISR, the completed tag of the request's mq_hctx pointer will be set to NULL by the ISR. And ufshcd_clear_cmd's call to...
DEBIAN-CVE-2022-48791
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sas_task Currently a use-after-free may occur if a TMF sas_task is aborted before we handle the IO completion in mpi_ssp_completion. The abort occurs due to timeout. When the timeout...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from a security issue in scsi bfa...
kernel: scsi: qla2xxx: Array index may go out of bound
A flaw was found in the Linux kernel qla2xxx SCSI driver. A static analysis tool reported that the array vha->host_str, sized to hold 16 characters, could be indexed with values outside its valid range, potentially leading to out-of-bounds writes. The root cause was the use of sprintf without...
UBUNTU-CVE-2024-26627
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Move scsi_host_busy out of host lock for waking up EH handler Inside scsi_eh_wakeup, scsi_host_busy is called & checked with host lock every time for deciding if error handler kthread needs to be woken up. This can be too...
kernel: scsi: mpi3mr: Fix config page DMA memory leak
A flaw was found in the mpi3mr module in the Linux kernel. A memory leak can occur due to pending DMA allocations from the driver after it is released from the device. This issue potentially impacts system performance and results in a denial of service...
kernel: scsi: mpi3mr: Fix an issue found by KASAN
A flaw was found in the Linux kernel's mpi3mr SCSI driver for Broadcom MPI3 HBA controllers. The driver writes 64 bytes when only 32 bytes should be written, causing an out-of-bounds write detected by KASAN. This memory corruption could lead to system instability or a kernel crash...
USN-6085-1 linux-raspi vulnerabilities
It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. CVE-2022-27672 Zheng Wang discovered that the Intel i915 graphics...
kernel: scsi: sd: Fix potential NULL pointer dereference
A flaw was found in the Linux kernel's SCSI subsystem. A NULL pointer dereference can be triggered when an error occurs before the sdkp->device object is fully initialized, causing a system crash and a denial of service...
SUSE CVE-2012-4542
block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes...
DEBIAN-CVE-2022-0216
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU...
Docker Moby /proc/scsi Path Exposure Allows Host Data Loss (SCSI MICDROP)
The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss when certain older Linux kernels are used by leveraging Docker container access to write a "scsi remove-single-device" line to...
QEMU: off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service conditio...
QEMU: scsi-generic: possible OOB access while handling inquiry request
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations...
kernel: block: default SCSI command filter does not accommodate commands overlap across device classes
block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes...
kernel: bio: integer overflow page count when mapping/copying user data
Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device...