Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: mvsas: Fixed use-after-free bugs in mvsworkqueue. During the detachment of Marvell’s SAS/SATA controller, the original code calls canceldelayedwork within mvsfree to cancel the delayed work item mqw-workq. However, if...

ROS-20260128-73-0005

A vulnerability in the scsi component of the Linux operating system kernel is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVE-2023-54310 scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition

In the Linux kernel, the following vulnerability has been resolved: scsi: message: mptlan: Fix use after free bug in mptlanremove due to race condition mptlanprobe calls mptregisterlandevice which initializes the &priv-postbucketstask workqueue. A call to mptlanwakepostbucketstask will subsequent...

CVE-2023-53754 scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix ioremap issues in lpfcsli4pcimemsetup When iftype equals zero and pciresourcestartpdev, PCI64BITBAR4 returns false, drblregsmemmapp is not remapped. This passes a NULL pointer to iounmap, which can trigger a WARN ...

CVE-2023-53530 scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id()

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use rawsmpprocessorid instead of smpprocessorid The following call trace was observed: localhost kernel: nvme nvme0: NVME-FC0: controller connect complete localhost kernel: BUG: using smpprocessorid in preemptible...

AZL-73932 CVE-2025-38700 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: scsi: libiscsi: Initialize iscsiconn-dddata only if memory is allocated In case of an ibfastregmr allocation failure during iSER setup, the machine hits a panic because iscsiconn-dddata is initialized unconditionally, even when n...

Linux Distros Unpatched Vulnerability : CVE-2023-53056

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Synchronize the IOCB count to be in order A system hang was observed with the...

CVE-2025-37861 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...

CVE-2023-53140 scsi: core: Remove the /proc/scsi/${proc_name} directory earlier

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Remove the /proc/scsi/$procname directory earlier Remove the /proc/scsi/$procname directory earlier to fix a race condition between unloading and reloading kernel modules. This fixes a bug introduced in 2009 by commit...

CVE-2023-53128 scsi: mpi3mr: Fix throttle_groups memory leak

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix throttlegroups memory leak Add a missing kfree...

CVE-2023-53038 scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check kzalloc in lpfcsli4cgnparamsread If kzalloc fails in lpfcsli4cgnparamsread, then we rely on lpfcreadobject's routine to NULL check pdata. Currently, an early return error is thrown from lpfcreadobject to protect...

CVE-2022-49155

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Suppress a kernel complaint in qlacreateqpair 12.323788 BUG: using smpprocessorid in preemptible 00000000 code: systemd-udevd/1020 12.332297 caller is qla2xxxcreateqpair+0x32a/0x5d0 qla2xxx 12.338417 CPU: 7 PID: 10...

CVE-2022-49053

In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmu: Fix possible page UAF tcmutrygetdatapage looks up pages under cmdrlock, but it does not take refcount properly and just returns page pointer. When tcmutrygetdatapage returns, the returned page may have been...

CVE-2024-56748

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix a possible memory leak in qedfallocandinitsb Hook "qedops-common-sbinit = qedsbinit" does not release the DMA memory sbvirt when it fails. Add dmafreecoherent to free it. This is the same way as qedrallocmemsb and...

CVE-2024-56748 scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix a possible memory leak in qedfallocandinitsb Hook "qedops-common-sbinit = qedsbinit" does not release the DMA memory sbvirt when it fails. Add dmafreecoherent to free it. This is the same way as qedrallocmemsb and...

CVE-2024-53170

CVE-2024-53170 is a Linux kernel block subsystem UAF issue: the flush-rq mapping may not be cleared during scsi probe due to blk_queue_init_done()/del_gendisk interaction, allowing a use‑after‑free in blk_mq_find_and_get_req during tag handling. Connected advisories/documentation confirm this vul...

CVE-2024-49891

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths When the HBA is undergoing a reset or is handling an errata event, NULL ptr dereference crashes may occur in routines such as lpfcsliflushiorings,...

DEBIAN-CVE-2024-43821

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix a possible null pointer dereference In function lpfcxcvrdatashow, the memory allocation with kmalloc might fail, thereby making rdpcontext a null pointer. In the following context and functions that use this...

CVE-2024-40901 scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Avoid test/setbit operating in non-allocated memory There is a potential out-of-bounds access when using testbit on a single word. The testbit and setbit functions operate on long values, and when testing or settin...

CVE-2024-36919 scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload

In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spinlockbh while releasing resources after upload The session resources are used by FW and driver when session is offloaded, once session is uploaded these resources are not used. The lock is not required as...