132 matches found
SUSE CVE-2026-43449
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix slab-out-of-bounds in nvmedbbufset dev-onlinequeues is a count incremented in nvmeinitqueue. Thus, valid indices are 0 through dev-onlinequeues − 1. This patch fixes the loop condition to ensure the index stays with...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: Remove the tag set when the second admin queue configuration fails. Commit 104d0e2f6222 “nvme-fabrics: Reset the admin connection for secure concatenation” modified nvmetcpsetupctrl to call nvmetcpconfigureadminqueue...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: nvme-tcp: fixed a possible use-after-free issue in the transport errorrecovery process. While nvmetcpsubmitasynceventwork checks the ctrl and queue states before preparing the AER command and scheduling iowork, this check is...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: nvme: Fix for admin queue leaks upon controller reset When the nvmeallocadmintagset function is called during a controller reset, a previously existing admin queue may still exist. Properly release this queue before allocating a...
mailcow dockerized 跨站脚本漏洞
Mailcow Dockerized is an open-source application developed by Mailcow. The version 2026-03b of Mailcow Dockerized contains a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting vulnerability in the administrator’s queue manager, which may cause t...
EUVD-2026-28755
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix slab-out-of-bounds in nvmedbbufset dev-onlinequeues is a count incremented in nvmeinitqueue. Thus, valid indices are 0 through dev-onlinequeues − 1. This patch fixes the loop condition to ensure the index stays with...
CVE-2026-43449
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix slab-out-of-bounds in nvmedbbufset dev-onlinequeues is a count incremented in nvmeinitqueue. Thus, valid indices are 0 through dev-onlinequeues − 1. This patch fixes the loop condition to ensure the index stays with...
CVE-2026-43449
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix slab-out-of-bounds in nvmedbbufset dev-onlinequeues is a count incremented in nvmeinitqueue. Thus, valid indices are 0 through dev-onlinequeues − 1. This patch fixes the loop condition to ensure the index stays with...
UBUNTU-CVE-2026-43449
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix slab-out-of-bounds in nvmedbbufset dev-onlinequeues is a count incremented in nvmeinitqueue. Thus, valid indices are 0 through dev-onlinequeues − 1. This patch fixes the loop condition to ensure the index stays with...
CVE-2026-43449 nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix slab-out-of-bounds in nvmedbbufset dev-onlinequeues is a count incremented in nvmeinitqueue. Thus, valid indices are 0 through dev-onlinequeues − 1. This patch fixes the loop condition to ensure the index stays with...
CVE-2026-43449
CVE-2026-43449 concerns the Linux kernel NVMe PCI driver. The issue is a slab-out-of-bounds write in nvme_dbbuf_set caused by an incorrect loop bound when indexing dev->online_queues; index 0 (admin queue) is excluded, but the loop could overrun. The vulnerability is evidenced by KASAN reports...
CVE-2026-43449
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix slab-out-of-bounds in nvmedbbufset dev-onlinequeues is a count incremented in nvmeinitqueue. Thus, valid indices are 0 through dev-onlinequeues − 1. This patch fixes the loop condition to ensure the index stays with...
PT-2026-39110
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab-out-of-bounds issue exists in the nvme-pci component. The problem occurs in the nvme dbbuf set function due to an incorrect loop condition. The dev-online queues variable tracks t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nvme: fixed the lifetime of the admin requestqueue Namespaces can access the controller’s admin requestqueue, and stale references on the namespaces may exist after tearing down the controller. Ensure that the admin requestqueue ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iavf: Fixed NULL pointer dereferencing in iavfgetlinkksettings. Fixed a potential NULL pointer dereferencing issue, caused by freeing adapter-vfres in iavfinitgetresources. The previous commit introduced a regression, where...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: NVMe: Fixed the failure in reconnection due to reserved tag allocation. We identified an issue in a production environment while using NVMe over RDMA. The reconnection of adminq failed indefinitely, even when the remote target an...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/efa: Fixed the issue of using the completion context after it was freed. Regarding the handling of admin queue completion, if the admin command completes with an error, we print data from the completion context. The issue...
nvme: fix admin queue leak on controller reset
...
SUSE CVE-2026-31493
In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion ctx after free On admin queue completion handling, if the admin command completed with error we print data from the completion context. The issue is that we already freed the completion context in...
EUVD-2026-24863
In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion ctx after free On admin queue completion handling, if the admin command completed with error we print data from the completion context. The issue is that we already freed the completion context in...