17 matches found
CVE-2026-10718
Out of bounds write in openSeaChest’s Trim/Unmap operation in Seagate’s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of LBAs to deallocate 16 bytes outside of the allocated space when running this operation...
CVE-2025-40345
CVE-2025-40345 affects Linux kernel USB storage for the sddr55, where new_pba values from the status packet could exceed the computed block count, causing the driver to walk past pba_to_lba[] and corrupt heap memory. The fix rejects PBAs that exceed the block count and fails the transfer to avoid...
CVE-2024-30212
If a SCSI READ10 command is initiated via USB using the largest LBA 0xFFFFFFFF with its default block size of 512 and a count of 1, the first 512 bytes of the 0x80000000 memory area are returned to the user. If the block count is increased, the full RAM can be exposed. The same method works to wri...
MAL-2025-3292 Malicious code in vertex-lba (npm)
Source: ghsa-malware 0a8170a76fcb89603064ada9f6b9c67cf6806bf216e81f92cfb42bb979b77053. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vertex-lba (npm)
Source: ghsa-malware 0a8170a76fcb89603064ada9f6b9c67cf6806bf216e81f92cfb42bb979b77053. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-30212
If a SCSI READ10 command is initiated via USB using the largest LBA 0xFFFFFFFF with its default block size of 512 and a count of 1, the first 512 bytes of the 0x80000000 memory area are returned to the user. If the block count is increased, the full RAM can be exposed. The same method works to wri...
CVE-2024-30212 Microchip Harmony 3 Core library allows read and write access to RAM via a SCSI READ or WRITE command
If a SCSI READ10 command is initiated via USB using the largest LBA 0xFFFFFFFF with its default block size of 512 and a count of 1, the first 512 bytes of the 0x80000000 memory area are returned to the user. If the block count is increased, the full RAM can be exposed. The same method works to wri...
QEMU: improper IDE controller reset can lead to MBR overwrite
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead, potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...
CVE-2023-5088
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead, potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...
CVE-2023-5088
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead, potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...
SUSE CVE-2020-1711
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to...
QEMU: ide: atapi: OOB access while processing read commands
An out-of-bounds read-access flaw was found in the ATAPI Emulator of QEMU. This issue occurs while processing the ATAPI read command if the logical block address (LBA) is set to an invalid value. A guest user may use this flaw to crash the QEMU process on the host, resulting in a denial of service...
QEMU: ide: atapi: OOB access while processing read commands
An out-of-bounds read-access flaw was found in the ATAPI Emulator of QEMU. This issue occurs while processing the ATAPI read command if the logical block address (LBA) is set to an invalid value. A guest user may use this flaw to crash the QEMU process on the host, resulting in a denial of service...
QEMU: ide: atapi: OOB access while processing read commands
An out-of-bounds read-access flaw was found in the ATAPI Emulator of QEMU. This issue occurs while processing the ATAPI read command if the logical block address (LBA) is set to an invalid value. A guest user may use this flaw to crash the QEMU process on the host, resulting in a denial of service...
QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process,...
QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process,...
QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process,...