EUVD-2026-38374

Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channelself endpoint that allows attackers to circumvent rate limiting by rotating the user-controlled deviceid parameter. Attackers can send multiple requests per second by changing deviceid values to flood the channeldevice...

kernel: scsi: qla2xxx: Wait for io return on terminate rport

A flaw was found in the Linux kernel’s SCSI driver component qla2xxx used with FCP-2 devices. When the terminaterportio function is invoked , the driver may exit cleanup before all outstanding I/O operations have returned. This can lead to a use-after-free condition when resources are freed while...

kernel: scsi: qla2xxx: Wait for io return on terminate rport

A flaw was found in the Linux kernel’s SCSI driver component qla2xxx used with FCP-2 devices. When the terminaterportio function is invoked , the driver may exit cleanup before all outstanding I/O operations have returned. This can lead to a use-after-free condition when resources are freed while...

Unsanitised guest input in libxl device handling code

ISSUE DESCRIPTION Various parts of libxl device-handling code inappropriately use information from partially guest controlled areas of xenstore principally the frontend directory /local/domain/GUEST/device/TYPE/DEVID, henceforth referred to as FE. The problems vary by device type: For almost all...