Astra Linux - уязвимость в qemu

A out-of-bounds write flaw was discovered in the UAS USB-attached SCSI device emulation in QEMU in versions prior to 6.2.0-rc0. The device uses the guest-provided stream number without proper checking, which can lead to out-of-bounds access to the UASDevice-data3 and UASDevice-status3 fields. A...

SUSE CVE-2026-43488

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt storm on host controller error HCE The xHCI controller reports a Host Controller Error HCE in UAS Storage Device plug/unplug scenarios on Android devices. HCE is checked in xhciirq function and causes...

CVE-2026-23306

A flaw was found in the Linux kernel, specifically within the pm8001 SCSI driver and the libsas library. An incorrect return value in the pm8001queuecommand function, when a physical device is down or gone, can lead to a double free vulnerability. This occurs because the function frees a Serial...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003513)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003513 advisory. Memory leak in the sassmpgetphyevents function in drivers/scsi/libsas/sasexpander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of servic...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002579)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002579 advisory. The Serial Attached SCSI SAS implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of servic...

usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer

...

UBUNTU-CVE-2025-68331

In the Linux kernel, the following vulnerability has been resolved: usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer When a UAS device is unplugged during data transfer, there is a probability of a system panic occurring. The root cause is an access to ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a URB unmapping issue when a UAS device is removed during a data transfer, which could lead to a system pani...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs The driver, through the SAS transport, exposes a sysfs interface to enable/disable PHYs in a controller/expander setup. When multiple PHYs are disabled and...

CVE-2023-53126

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix sashba.phy memory leak in mpi3mrremove Free mrioc-sashba.phy at .remove...

CVE-2023-53124

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix NULL pointer access in mpt3sastransportportadd Port is allocated by sasportallocnum and rphy is allocated by either sasenddevicealloc or sasexpanderalloc, all of which may return NULL. So we need to check the...

PT-2025-52659

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description The Linux kernel contains an issue within the USB subsystem related to unmapping URBs USB Request Blocks when a UAS USB Attached SCSI device is removed during data transfer. Specifically...

UBUNTU-CVE-2024-56589

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Add condresched for no forced preemption model For no forced preemption model kernel, in the scenario where the expander is connected to 12 high performance SAS SSDs, the following call trace may occur: 214.409199...

CVE-2024-21430

Windows USB Attached SCSI UAS Protocol Remote Code Execution Vulnerability...

Remote code execution

Windows USB Attached SCSI UAS Protocol Remote Code Execution Vulnerability...

CVE-2024-21430

CVE-2024-21430 is a Windows vulnerability described as a Remote Code Execution via the Windows USB Attached SCSI (UAS) protocol. The UAS handling issue is the stated root cause, with impact described as high confidentiality, integrity, and availability (per NVD metrics: CVSS 3.1 base score 6.4; a...

PT-2024-2292 · Microsoft · Windows Usb Attached Scsi (Uas) Protocol +1

Name of the Vulnerable Software and Affected Versions: Windows USB Attached SCSI UAS Protocol affected versions not specified Description: The issue is related to insufficient input validation in the Windows USB Attached SCSI UAS Protocol implementation, allowing remote attackers to execute...

KB5035885: Windows Server 2012 R2 Security Update (March 2024)

The remote Windows host is missing security update 5035885. It is, therefore, affected by multiple vulnerabilities - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161, CVE-2024-26166 - Windows USB Hub...

KB5035854: Windows 11 version 21H2 Security Update (March 2024)

The remote Windows host is missing security update 5035854. It is, therefore, affected by multiple vulnerabilities - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161, CVE-2024-26166 - Windows USB Hub...

KB5035845: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (March 2024)

The remote Windows host is missing security update 5035845. It is, therefore, affected by multiple vulnerabilities - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161, CVE-2024-26166 - Windows USB Hub...