29 matches found
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock During stress I/O tests with 500+ vports, hard LOCKUP call traces are observed. CPU A: nativequeuedspinlockslowpath+0x192 rawspinlockirqsave+0x32 lpfchandlefcperr+0x4...
kernel: scsi: qla2xxx: Wait for io return on terminate rport
A flaw was found in the Linux kernel’s SCSI driver component qla2xxx used with FCP-2 devices. When the terminaterportio function is invoked , the driver may exit cleanup before all outstanding I/O operations have returned. This can lead to a use-after-free condition when resources are freed while...
CVE-2023-53810
In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blkcryptokey has completed, filesystems can call blkcryptoevictkey. However, the block layer currently doesn't call blkcryptoputkeyslot until the...
SUSE CVE-2023-53810
In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blkcryptokey has completed, filesystems can call blkcryptoevictkey. However, the block layer currently doesn't call blkcryptoputkeyslot until the...
CVE-2023-53810
In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blkcryptokey has completed, filesystems can call blkcryptoevictkey. However, the block layer currently doesn't call blkcryptoputkeyslot until the...
CVE-2023-53810 blk-mq: release crypto keyslot before reporting I/O complete
In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blkcryptokey has completed, filesystems can call blkcryptoevictkey. However, the block layer currently doesn't call blkcryptoputkeyslot until the...
SUSE CVE-2025-40220
In the Linux kernel, the following vulnerability has been resolved: fuse: fix livelock in synchronous file put from fuseblk workers I observed a hang when running generic/323 against a fuseblk server. This test opens a file, initiates a lot of AIO writes to that file descriptor, and closes the fi...
CVE-2025-40220
No description is available for this CVE...
EUVD-2025-201183
In the Linux kernel, the following vulnerability has been resolved: fuse: fix livelock in synchronous file put from fuseblk workers I observed a hang when running generic/323 against a fuseblk server. This test opens a file, initiates a lot of AIO writes to that file descriptor, and closes the fi...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988710)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988710 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sastask Currently a use-after-free may occur if ...
KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O
...
CVE-2022-50493 scsi: qla2xxx: Fix crash when I/O abort times out
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash when I/O abort times out While performing CPU hotplug, a crash with the following stack was seen: Call Trace: qla24xxprocessresponsequeue+0x42a/0x970 qla2xxx qla2x00startnvmemq+0x3a2/0x4b0 qla2xxx...
SUSE CVE-2022-50388
In the Linux kernel, the following vulnerability has been resolved: nvme: fix multipath crash caused by flush request when blktrace is enabled The flush request initialized by blkkickflush has NULL bio, and it may be dealt with nvmeendreq during io completion. When blktrace is enabled,...
CVE-2022-50388
In the Linux kernel, the following vulnerability has been resolved: nvme: fix multipath crash caused by flush request when blktrace is enabled The flush request initialized by blkkickflush has NULL bio, and it may be dealt with nvmeendreq during io completion. When blktrace is enabled,...
CVE-2022-50388 nvme: fix multipath crash caused by flush request when blktrace is enabled
In the Linux kernel, the following vulnerability has been resolved: nvme: fix multipath crash caused by flush request when blktrace is enabled The flush request initialized by blkkickflush has NULL bio, and it may be dealt with nvmeendreq during io completion. When blktrace is enabled,...
UBUNTU-CVE-2023-52926
In the Linux kernel, the following vulnerability has been resolved: IORINGOPREAD did not correctly consume the provided buffer list when read i/o returned 0 except for -EAGAIN and -EIOCBQUEUED return. This can lead to a potential use-after-free when the completion via iorwdone runs at separate...
CVE-2024-56686
In the Linux kernel, the following vulnerability has been resolved: ext4: fix race in bufferhead read fault injection When I enabled ext4 debug for fault injection testing, I encountered the following warning: EXT4-fs error device sda: ext4readinodebitmap:201: comm fsstress: Cannot read inode...
CVE-2024-56686
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
SUSE CVE-2022-48791
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sastask Currently a use-after-free may occur if a TMF sastask is aborted before we handle the IO completion in mpisspcompletion. The abort occurs due to timeout. When the timeout...
DEBIAN-CVE-2022-48791
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sastask Currently a use-after-free may occur if a TMF sastask is aborted before we handle the IO completion in mpisspcompletion. The abort occurs due to timeout. When the timeout...