131 matches found
The vulnerability of the mpi_ssp_completion() function in the PMC-Sierra SPC 8001 SAS/SATA kernel of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the mpisspcompletion function in the driver drivers/scsi/pm8001/pm80xxhwi.c file of the PMC-Sierra SPC 8001 SAS/SATA operating system kernel is related to the reutilization of previously released memory. Exploiting this vulnerability could allow an attacker to compromise the...
CVE-2024-33218
The CVE-2024-33218 entry concerns ASUSTeK Computer Inc.’s ASUS USB 3.0 Boost Storage Driver (version 5.30.20.0) and its AsUpIO64.sys component. The vulnerability allows attackers to escalate privileges and execute arbitrary code by sending crafted IOCTL requests, with local attack potential and h...
ASUS USB 安全漏洞
ASUS USB is a wireless adapter from Asus China. A security vulnerability exists in ASUS USB 3.0 Boost Storage Driver version 5.30.20.0, which originates from a problem with the component AsUpIO64.sys and allows attackers to elevate privileges and execute arbitrary code by sending a crafted IOCTL...
CLSA-2024-1715951065 kernel: Fix of 10 CVEs
scsi: lpfc: Fix use-after-free in lpfcunregrpi routine CVE-2021-47198 - fs,hugetlb: fix NULL pointer dereference in hugetlbsfillsuper CVE-2024-0841 - bpf: Fix incorrect verifier pruning due to missing register precision taints CVE-2023-2163 - bpf: Fix hashtab overflow check on 32-bit arches...
kernel: usb-storage: alauda: Fix uninit-value in alauda_check_media()
An uninitialized value vulnerability was found in the alauda USB storage driver in the Linux kernel. In alaudacheckmedia, the function does not verify that USB transfer operations succeeded before using the received data. If a transfer fails, uninitialized memory may be accessed, leading to...
kernel: scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in sesintfremove A fix for: BUG: KASAN: slab-out-of-bounds in sesintfremove+0x23f/0x270 ses Read of size 8 at addr ffff88a10d32e5d8 by task rmmod/12013 When edev-components is zero, accessing...
DEBIAN-CVE-2023-45862
An issue was discovered in drivers/usb/storage/eneub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation...
UBUNTU-CVE-2023-45862
An issue was discovered in drivers/usb/storage/eneub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation...
kernel: USB: core: Prevent nested device-reset calls
In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNING: possible recursive locking detected 5.18.0 3 Not...
kernel: USB: core: Prevent nested device-reset calls
In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNING: possible recursive locking detected 5.18.0 3 Not...
PT-2025-54135
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s scsi subsystem, specifically within the qedf driver. A NULL dereference issue was identified in the error handling of the qedf alloc global queues...
SUSE CVE-2014-8135
The storageVolUpload function in storage/storagedriver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service NULL pointer dereference and daemon crash via a crafted offset value in a "virsh vol-upload" command...
kernel: scsi: qla2xxx: Fix scheduling while atomic
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix scheduling while atomic The driver makes a call into midlayer fcremoteportdelete which can put the thread to sleep. The thread that originates the call is in interrupt context. The combination of the two trigge...
kernel: scsi: qla2xxx: Fix warning message due to adisc being flushed
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix warning message due to adisc being flushed Fix warning message due to adisc being flushed. Linux kernel triggered a warning message where a different error code type is not matching up with the expected type. A...
PT-2022-11542 · Lenovo · Thinkstation +2
Name of the Vulnerable Software and Affected Versions: Lenovo Desktop, ThinkStation, and ThinkEdge models affected versions not specified Description: A potential issue in the SMI callback function used in the NVME driver may allow an attacker with local access and elevated privileges to execute...
Veeam Agent for Microsoft Windows 5.0 Can’t Be Started or Installed After Upgrade to Windows 11
Challenge After upgrading to Windows 11, the Veeam Agent for Microsoft Windows service may fail to start. The following errors can be found in C:\ProgramData\Veeam\Endpoint\Svc.VeeamEndpointBackup.log: Error Failed to start service. Error Error occurred during LocalDB instance startup: SQL Server...
kernel: iscsi: unrestricted access to sessions and handles
A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel. A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system...
PT-2024-11074 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, specifically in the scsi: qla2xxx driver. The issue arises from the commit a6dcfe08487e, which limits interrupt vectors to the...
CVE-2021-29641
Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...
CVE-2021-29641
Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...