CVE-2026-10717 Open-Seachest/Seachest show SCSI Defect List Vulnerability

Out of bounds write and reads in openSeaChest’s --showSCSIDefects in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing defect information out of bounds for very large defects lists via a very bad drive with lots of defects or a maliciously crafted SCSI device’s defect...

CVE-2026-45857

scsi: csiostor: Fix dereference of null pointer rn...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: core: Fixed a regression issue related to the removal of the procfs host directory The commit fc663711b944 “scsi: core: Removed the /proc/scsi/$procname directory earlier” fixed a bug related to module loading/unloading...

PT-2026-39075

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free issue exists in the scsi qla2xxx driver. In the qla24xx els dcmd iocb function, sp-free is assigned to qla2x00 els dcmd sp free. When an error occurs, this function is...

CVE-2026-3770 SourceCodester Computer Laboratory Management System cross-site request forgery

A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used...

UBUNTU-CVE-2025-71235

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop. 105954.384919 RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 105954.384920 R10:...

ROS-20260205-73-0031

A vulnerability in the scsi.c component of the Linux operating system is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability allows an attacker to cause a denial of service...

CVE-2026-23110

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Wake up the error handler when final completions race against each other The fragile ordering between marking commands completed or failed so that the error handler only wakes when the last running command completes o...

CVE-2026-23059

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Sanitize payload size to prevent member overflow In qla27xxcopyfpinpkt and qla27xxcopymultiplepkt, the framesize reported by firmware is used to calculate the copy length into item-iocb. However, the iocb member is...

kernel: Fix of 39 CVEs

Bluetooth: hcisysfs: Fix attempting to call deviceadd multiple times CVE-2022-50419 - firewire: net: fix use after free in fwnetfinishincomingpacket CVE-2023-53432 - wifi: brcmfmac: fix use-after-free bug in brcmfnetdevstartxmit CVE-2022-50408 - wifi: brcmfmac: slab-out-of-bounds read in...

CVE-2023-53760 scsi: ufs: core: mcq: Fix &hwq->cq_lock deadlock issue

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: mcq: Fix &hwq-cqlock deadlock issue When ufshcderrhandler is executed, CQ event interrupt can enter waiting for the same lock. This can happen in ufshcdhandlemcqcqevents and also in ufsmtkmcqintr. The following...

EUVD-2023-58449

Malicious code in bioql PyPI...

EUVD-2023-34093

Malicious code in bioql PyPI...

CVE-2023-53431

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Handle enclosure with just a primary component gracefully This reverts commit 3fe97ff3d949 "scsi: ses: Don't attach if enclosure has no components" and introduces proper handling of case where there are no detected...

CVE-2023-53387

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix device management cmd timeout flow In the UFS error handling flow, the host will send a device management cmd NOP OUT to the device for link recovery. If this cmd times out and clearing the doorbell fails,...

PT-2025-37461

Name of the Vulnerable Software and Affected Versions: Campcodes Computer Sales and Inventory System version 1.0 Description: A security flaw exists in Campcodes Computer Sales and Inventory System 1.0. The flaw is due to SQL injection in an unknown function of the file /pages/cust edit1.php...

scsi: ufs: qcom: Only free platform MSIs when ESI is enabled

...

USN-7701-2: Linux kernel (FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Device tree and open firmware driver; - SCSI subsystem; - TTY drivers; - SMB network file system; - Bluetooth...

USN-7685-5: Linux kernel (Oracle) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Device tree and open firmware driver; - SCSI subsystem; - TTY drivers; - Ext4 file system; - SMB network file syste...

DEBIAN-CVE-2025-38119

In the Linux kernel, the following vulnerability has been resolved: scsi: core: ufs: Fix a hang in the error handler ufshcderrhandlingprepare calls ufshcdrpmgetsync. The latter function can only succeed if UFSHCDEHINPROGRESS is not set because resuming involves submitting a SCSI command and...