Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: mvsas: Fixed use-after-free bugs in mvsworkqueue. During the detachment of Marvell’s SAS/SATA controller, the original code calls canceldelayedwork within mvsfree to cancel the delayed work item mqw-workq. However, if...

kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount In iscsitdecsessionusagecount, the function calls complete while holding the sess-sessionusagelock. Similar to the connection usage count logic, the waiter...

kernel: scsi: qla2xxx: Fix improper freeing of purex item

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxxprocesspurlsiocb, an item is allocated via qla27xxcopymultiplepkt, which internally calls qla24xxallocpurexitem. The qla24xxallocpurexitem function may return a...

ROS-20260128-73-0005

A vulnerability in the scsi component of the Linux operating system kernel is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000814)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000814 advisory. An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233. Tenable has extracted the...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003152)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003152 advisory. An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233. Tenable has extracted the...

CVE-2023-54310 scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition

In the Linux kernel, the following vulnerability has been resolved: scsi: message: mptlan: Fix use after free bug in mptlanremove due to race condition mptlanprobe calls mptregisterlandevice which initializes the &priv-postbucketstask workqueue. A call to mptlanwakepostbucketstask will subsequent...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVE-2022-50646 scsi: hpsa: Fix possible memory leak in hpsa_init_one()

In the Linux kernel, the following vulnerability has been resolved: scsi: hpsa: Fix possible memory leak in hpsainitone The hpdaallocctlrinfo allocates h and its field replymap. However, in hpsainitone, if allocpercpu failed, the hpsainitone jumps to clean1 directly, which frees h and leaks the...

CVE-2022-50646

CVE-2022-50646 affects the Linux kernel SCSI HPSA path. The vulnerability is due to a memory leak in hpsa_init_one() where, on alloc_percpu() failure, the code frees the allocated structure but leaks h->reply_map. The patch fixes this by calling hpda_free_ctlr_info() to release h->reply_map...

CVE-2023-53754 scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix ioremap issues in lpfcsli4pcimemsetup When iftype equals zero and pciresourcestartpdev, PCI64BITBAR4 returns false, drblregsmemmapp is not remapped. This passes a NULL pointer to iounmap, which can trigger a WARN ...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986306)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986306 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix bad pointer dereference when ehandler kthread is invalid Commit 66a834d09293 scsi...

CVE-2023-53530 scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id()

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use rawsmpprocessorid instead of smpprocessorid The following call trace was observed: localhost kernel: nvme nvme0: NVME-FC0: controller connect complete localhost kernel: BUG: using smpprocessorid in preemptible...

Linux Distros Unpatched Vulnerability : CVE-2023-53431

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: ses: Handle enclosure with just a primary component gracefully This reverts commit 3fe97ff3d949 scsi: ses: Don't attach if enclosure has no components and...

Linux Distros Unpatched Vulnerability : CVE-2022-50414

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: fcoe: Fix transport not deattached when fcoeifinit fails fcoeinit calls fcoetransportattach&fcoeswtransport, but when fcoeifinit fails, &fcoeswtransport i...

RHEL 9 : kernel (RHSA-2025:15668)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15668 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/iucv: Avoid explicit...

AZL-73932 CVE-2025-38700 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: scsi: libiscsi: Initialize iscsiconn-dddata only if memory is allocated In case of an ibfastregmr allocation failure during iSER setup, the machine hits a panic because iscsiconn-dddata is initialized unconditionally, even when n...

kernel: scsi: lpfc: Use memcpy() for BIOS version

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy for BIOS version The strlcat with FORTIFY support is triggering a panic because it thinks the target buffer will overflow although the correct target buffer size is passed in. Anyway, instead of memset with...

Linux Distros Unpatched Vulnerability : CVE-2023-53056

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Synchronize the IOCB count to be in order A system hang was observed with the...

CVE-2025-37861 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...