Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fixed a buffer overflow in the liotargetnaclinfoshow function. The function liotargetnaclinfoshow uses sprintf within a loop to print details for each iSCSI connection in a session, without checking the buffe...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006700)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006700 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow The function...

CVE-2026-23216 scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount In iscsitdecconnusagecount, the function calls complete while holding the conn-connusagelock. As soon as complete is invoked, the waiter such as...

SUSE-SU-2026:0188-1 Security update for the Linux Kernel (Live Patch 31 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.124 fixes various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpifetchacpidev return value bsc1254451. - CVE-2022-50490: bpf: Propagate error from htablockbucket to...

CVE-2023-54184

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsit: Free cmds before session free Commands from recovery entries are freed after session has been closed. That leads to use-after-free at command free or NPE with such call trace: Time2Retain timer expired for...

PT-2025-40171

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s SCSI subsystem, specifically within the iscsi tcp component. The issue stems from a missing validation check for the sock variable before it is assign...

PT-2025-40144

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s iSCSI over TCP implementation. Specifically, a NULL pointer dereference can occur during socket access when freeing the socket concurrently with...

SUSE-SU-2025:03301-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-46733: btrfs: fix qgroup reserve leaks in cowfilerange bsc1230708. - CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points bsc1232089. -...

CLSA-2025-1747688831 kernel: Fix of 20 CVEs

drm/dpmst: Ensure mstprimary pointer is valid in drmdpmsthandleupreq CVE-2024-57798 - block: Fix handling of offline queues in blkmqallocrequesthctx CVE-2022-49720 - drm: nv04: Fix out of bounds access CVE-2024-27008 - parport: Proper fix for array out-of-bounds access CVE-2024-50074 - Bluetooth:...

USN-6109-1 linux-raspi, linux-raspi-5.4 vulnerabilities

Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service system crash. CVE-2022-3707 Jordy Zomer and Alexandra Sandulescu discover...

PT-2023-35109 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.93 Description: The issue is related to a use-after-free UAF error during the login process when accessing the shost ip address in the iscsi tcp module. The actual impact and attack plausibility have not y...

Microsoft Windows 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. Microsoft Windows has a security vulnerability. The vulnerability stems from a security issue with ISCSI. The following products and versions are affected:Windows 10...

edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe

A flaw was found in edk2. Missing checks in the IScsiHexToBin function in NetworkPkg/IScsiDxe lead to a buffer overflow allowing a remote attacker, who can inject himself in the communication between edk2 and the iSCSI target, to write arbitrary data to any address in the edk2 firmware and...

kernel: iscsi: unrestricted access to sessions and handles

A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel. A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system...

Linux kernel 缓冲区错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel version 5.11.3 and earlier, which stems from the fact that drivers/scsi/scsitransportiscsi.c is adversely affected by the abilit...

August 15, 2017—KB4034663 (Preview of Monthly Rollup)

August 15, 2017—KB4034663 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4034681 released August 8, 2017 and also includes these new quality improvements as a preview of the next Monthly Rollup update: This package...

CVE-2018-2926

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: NVIDIA-GFX Kernel driver. The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with network access via ISCSI to compromise Solaris. Successful attac...

Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl

Quick EmulatorQEMU built with the Block driver for iSCSI images support virtio-blk is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl2 calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in...

QEMU iscsi_aio_ioctl heap buffer overflow vulnerability

QEMU is an open source emulator software. A heap buffer overflow vulnerability exists in the QEMU block/iscsi.c/iscsiaioioctl function. A local OS user can cause a denial of service QEMU process crash or execute arbitrary code via a constructed iSCSI asynchronous I/O ioctl call...

Oracle Linux 7 : qemu-kvm (ELSA-2015-0349)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0349 advisory. - Resolves: bz1169456 CVE-2014-8106 qemu-kvm: qemu: cirrus: insufficient blit region checks rhel-7.1 - Resolves: bz1163078 CVE-2014-7840 qemu-kvm: qemu...