SUSE SLES12 Security Update : kernel (SUSE-SU-2026:2450-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2450-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-10263:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Store the vhost pointer during subcrq allocation Currently, the back pointer from a queue to the vhost adapter is not set until after the subcrq interrupt registration. This value becomes available when a queue is...

OPENSUSE-SU-2026:20912-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-20585: iommu/amd: Use maximum Event log buffer size when SNP is enabled on Family 0x19 bsc1243603. - CVE-2026-3150: bcache: fix cacheddev.sbbio use-after-free and...

SUSE CVE-2026-31464

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ibmvfcdiscovertargetsdone A malicious or compromised VIO server can return a numwritten value in the discover targets MAD response that exceeds maxtargets. This value is stored directly in...

EUVD-2026-24807

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ibmvfcdiscovertargetsdone A malicious or compromised VIO server can return a numwritten value in the discover targets MAD response that exceeds maxtargets. This value is stored directly in...

CVE-2026-31464

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ibmvfcdiscovertargetsdone A malicious or compromised VIO server can return a numwritten value in the discover targets MAD response that exceeds maxtargets. This value is stored directly in...

CVE-2026-31464 scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ibmvfcdiscovertargetsdone A malicious or compromised VIO server can return a numwritten value in the discover targets MAD response that exceeds maxtargets. This value is stored directly in...

CVE-2026-31464

Summary (CVE-2026-31464): In the Linux kernel, the scsi: ibmvfc driver is fixed to cure an out-of-bounds access during target discovery. A malicious or compromised VIO server can return a num_written value in the discover targets MAD response that exceeds max_targets. This value is stored directl...

PT-2026-34369

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds access issue exists in the ibmvfc discover targets done function. A compromised VIO server can provide a num written value in the discover targets MAD response that...

Linux Distros Unpatched Vulnerability : CVE-2026-31464

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: ibmvfc: Fix OOB access in ibmvfcdiscovertargetsdone A malicious or compromised VIO server can return a numwritten value in the discover targets MAD respon...

EUVD-2022-54532

Malicious code in bioql PyPI...

DEBIAN-CVE-2022-49701

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Allocate/free queue resource only during probe/remove Currently, the sub-queues and event pool resources are allocated/freed for every CRQ connection event such as reset and LPM. This exposes the driver to a couple...

UBUNTU-CVE-2022-49703

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Store vhost pointer during subcrq allocation Currently the back pointer from a queue to the vhost adapter isn't set until after subcrq interrupt registration. The value is available when a queue is first allocated a...

UBUNTU-CVE-2022-49701

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Allocate/free queue resource only during probe/remove Currently, the sub-queues and event pool resources are allocated/freed for every CRQ connection event such as reset and LPM. This exposes the driver to a couple...

CVE-2022-49703 scsi: ibmvfc: Store vhost pointer during subcrq allocation

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Store vhost pointer during subcrq allocation Currently the back pointer from a queue to the vhost adapter isn't set until after subcrq interrupt registration. The value is available when a queue is first allocated a...

CVE-2022-49703

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Store vhost pointer during subcrq allocation Currently the back pointer from a queue to the vhost adapter isn't set until after subcrq interrupt registration. The value is available when a queue is first allocated a...

CVE-2022-49701 scsi: ibmvfc: Allocate/free queue resource only during probe/remove

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Allocate/free queue resource only during probe/remove Currently, the sub-queues and event pool resources are allocated/freed for every CRQ connection event such as reset and LPM. This exposes the driver to a couple...

CVE-2022-49701

The CVE-2022-49701 entry documents a Linux kernel issue in the ibmvfc SCSI driver where queue resources (sub-queues and event pool) are allocated/freed on every CRQ connection event (e.g., reset, LPM) instead of only during probe/remove. This can cause memory inefficiency, potential allocation fa...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ibmvfc driver not properly storing vhost pointers during subqueue allocation, which could lead to null...

kernel: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Remove BUGON in the case of an empty event pool In practice the driver should never send more commands than are allocated to a queue's event pool. In the unlikely event that this happens, the code asserts a BUGON, a...