15 matches found
SUSE CVE-2023-54054
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
EUVD-2023-60272
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix buffer overrun Klocwork warning: Buffer Overflow - Array Index Out of Bounds Driver uses fcelsflogi to calculate size of buffer. The actual buffer is nested inside of fcelsflogi which is smaller. Replace...
CVE-2023-54054
CVE-2023-54054 pertains to the Linux kernel SCSI qla2xxx driver, where a buffer overrun occurred in the handling of fc_els_flogi, leading to an incorrect buffer size calculation. Multiple connected sources (OSV entries for Debian, Ubuntu, and general OSV) report that the vulnerability has been re...
CVE-2023-54054
...
CVE-2022-49535
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfcissueelsflogi fails and returns non-zero status, the node reference count is decremented to trigger the release of the nodelist structure...
CVE-2022-49504
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Inhibit aborts if external loopback plug is inserted After running a short external loopback test, when the external loopback is removed and a normal cable inserted that is directly connected to a target device, the...
DEBIAN-CVE-2022-49504
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Inhibit aborts if external loopback plug is inserted After running a short external loopback test, when the external loopback is removed and a normal cable inserted that is directly connected to a target device, the...
CVE-2022-49535 scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfcissueelsflogi fails and returns non-zero status, the node reference count is decremented to trigger the release of the nodelist structure...
CVE-2022-49535 scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfcissueelsflogi fails and returns non-zero status, the node reference count is decremented to trigger the release of the nodelist structure...
CVE-2022-49535 scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfcissueelsflogi fails and returns non-zero status, the node reference count is decremented to trigger the release of the nodelist structure...
CVE-2022-49535
CVE-2022-49535 affects the Linux kernel SCSI lpfc path. The flaw can cause a use-after-free via premature node release when FLOGI/PLOGI handling fails or when non-zero ELS PLOGI status is processed if a dev-loss-evt work is pending. The described root cause is a premature decrementing of the ndlp...
CVE-2022-49504
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Inhibit aborts if external loopback plug is inserted After running a short external loopback test, when the external loopback is removed and a normal cable inserted that is directly connected to a target device, the...
CVE-2022-49504 scsi: lpfc: Inhibit aborts if external loopback plug is inserted
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Inhibit aborts if external loopback plug is inserted After running a short external loopback test, when the external loopback is removed and a normal cable inserted that is directly connected to a target device, the...
CVE-2022-49504
The CVE-2022-49504 issue affects the Linux kernel SCSI lpfc path, where after an external loopback test the system oopsed in llpfc_set_rrq_active() due to a mismanaged ABTS completion and ref counting. The root cause was a mixup in completing the new FLOGI/ABTS flow, causing the original ABTS to ...
GSD-2022-1002838 scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI
scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.3 by commi...