Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fixed null ndlp pointer dereferencing in an abnormal exit path for GFTID An error case resulting from exiting from lpfccmplctcmdgftid causes a call to lpfcnlpput, where a null pointer is used to reference the nodelist...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: scsi: lpfc: Moved the unregistration of NPIV’s transport to after resource cleanup. There are cases after NPIV is deleted where the fabric switch still believes that NPIV is logged into the fabric. This occurs when a vport is...

CVE-2022-50827 scsi: lpfc: Fix memory leak in lpfc_create_port()

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix memory leak in lpfccreateport Commit 5e633302ace1 "scsi: lpfc: vmid: Add support for VMID in mailbox command" introduced allocations for the VMID resources in lpfccreateport after the call to scsihostalloc. Upon...

CVE-2023-54014

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Check valid rport returned by fcbsgtorport Klocwork reported warning of rport maybe NULL and will be dereferenced. rport returned by call to fcbsgtorport could be NULL and dereferenced. Check valid rport returned b...

SUSE CVE-2022-50744

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix hard lockup when reading the rxmonitor from debugfs During I/O and simultaneous cat of /sys/kernel/debug/lpfc/fnX/rxmonitor, a hard lockup similar to the call trace below may occur. The spinlockbh in...

CVE-2022-50744 scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix hard lockup when reading the rxmonitor from debugfs During I/O and simultaneous cat of /sys/kernel/debug/lpfc/fnX/rxmonitor, a hard lockup similar to the call trace below may occur. The spinlockbh in...

CVE-2022-50727

Technical details for CVE-2022-50727 are not publicly provided in the supplied documents. Monitor for updates from the connected advisories and vendor/security bulletins.

CVE-2023-54014 scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Check valid rport returned by fcbsgtorport Klocwork reported warning of rport maybe NULL and will be dereferenced. rport returned by call to fcbsgtorport could be NULL and dereferenced. Check valid rport returned b...

nvmet-fc: avoid scheduling association deletion twice

...

CVE-2025-40342

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: use lock accessing portstate and rport state nvmefcunregisterremote removes the remote port on a lport object at any point in time when there is no active association. This races with with the reconnect logic, because...

CVE-2025-40342

The CVE-2025-40342 issue is in the Linux kernel nvme-fc/NVMe over Fabrics: nvme_fc_unregister_remote can remove a remote port at any time when there is no active association, racing with the reconnect logic because nvme_fc_create_association does not obtain a lock to guard port_state and atomical...

PT-2025-49091

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0 Description The Linux kernel contains a flaw within the nvme-fc subsystem. Specifically, the issue arises from improper handling of work queues during the deletion of an NVMe-FC controller association. The...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989807)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989807 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fclportptpsetup fclportptpsetup did not...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986321)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986321 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix array index out of bound exception Fix array index out of bound exception in...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987036)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987036 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix listadd corruption in lpfcdraintxq When parsing the txq list in lpfcdraintxq, the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986538)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986538 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fclportptpsetup fclportptpsetup did not...

UBUNTU-CVE-2022-50467

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFTID An error case exit from lpfccmplctcmdgftid results in a call to lpfcnlpput with a null pointer to a nodelist structure. Changed lpfccmplctcmdgftid to...

CVE-2023-53245 scsi: storvsc: Fix handling of virtual Fibre Channel timeouts

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix handling of virtual Fibre Channel timeouts Hyper-V provides the ability to connect Fibre Channel LUNs to the host system and present them in a guest VM as a SCSI device. I/O to the vFC device is handled by the...

DEBIAN-CVE-2025-38695

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check for hdwq null ptr when cleaning up lpfcvport structure If a call to lpfcsli4readrev from lpfcsli4hbasetup fails, the resultant cleanup routine lpfcsli4vportdeletefcpxriaborted may occur before sli4hba.hdwqs are...

UBUNTU-CVE-2025-38695

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check for hdwq null ptr when cleaning up lpfcvport structure If a call to lpfcsli4readrev from lpfcsli4hbasetup fails, the resultant cleanup routine lpfcsli4vportdeletefcpxriaborted may occur before sli4hba.hdwqs are...