K000161576: Linux kernel vulnerabilities CVE-2025-39841 and CVE-2025-39727

Security Advisory Description CVE-2025-39841 In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the ...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fixed a use-after-free issue related to KFENCE violations during the sysfs firmware write process. During the sysfs firmware write process, a use-after-free read warning was logged from the lpfcwrobject routine: BUG:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move the cfglogverbose check before calling lpfcdmpdbg. In an attempt to log message 0126 using LOGTRACEEVENT, the following hard lock-up occurred, causing the system to hang. Call Trace: rawspinlockirqsave+0x32/0x40$...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerabilities have been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hexadecimal numbers or similar elements. However,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fixed a hard lockup issue when reading the rxmonitor from debugfs. During I/O operations and simultaneous reads of /sys/kernel/debug/lpfc/fnX/rxmonitor, a hard lockup similar to the call trace below may occur. The...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy for BIOS version The strlcat function with FORTIFY support triggers a panic because it assumes that the target buffer will overflow, even though the correct target buffer size is properly passed. Instead of...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: lpfc: Issues related to ioremap operations in lpfcsli4pcimemsetup have been fixed. When iftype equals zero and pciresourcestartpdev, where PCI64BITBAR4 returns false, drbl regsmemmapp is not remapped. This passes a NULL...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: A NULL pointer dereferencing occurred after calling stargettorport. Calls to stargettorport may return NULL. Add a check for NULL rport before dereferencing...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fixed corruption in the listadd function within lpfcdraintxq. When parsing the txq list in lpfcdraintxq, the driver attempts to pass the requests to the adapter. If this attempt fails, a local “failmsg” string is set...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure that the DAID handling is completed before deleting an NPIV instance. Deleting an NPIV instance requires that all fabric ndlps be released before NPIV’s resources can be destroyed. Failure to release the fabric...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: lpfc: Fixed a null pointer dereferencing after failing to issue FLOGI and PLOGI commands. If lpfcissueelsflogi fails and returns a non-zero status, the node’s reference count is decremented to trigger the release of the...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock During stress I/O tests with 500+ vports, hard LOCKUP call traces are observed. CPU A: nativequeuedspinlockslowpath+0x192 rawspinlockirqsave+0x32 lpfchandlefcperr+0x4...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix call trace observed during I/O with CMF enabled The following was seen with CMF enabled: BUG: using smpprocessorid in preemptible code: systemd-udevd/31711 kernel: caller is lpfcupdatecmfcmd+0x214/0x420 lpfc kerne...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths When the HBA is undergoing a reset or is handling an errata event, NULL pointer dereference may cause crashes in routines such as lpfcsliflushiorings,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Avoid potential use-of-memory errors in devlosstmocallbk. Smatch detected a potential use-of-memory of an ndlp object in devlosstmocallbk during driver unloading or fatal error handling. The fix involves reordering th...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix memory leak in lpfccreateport Commit 5e633302ace1 "scsi: lpfc: vmid: Add support for VMID in mailbox command" introduced allocations for the VMID resources in lpfccreateport after the call to scsihostalloc. Upon...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fixed a possible memory leak in lpfcrcvpadisc The call to lpfcsli4resumerpi in lpfcrcvpadisc may return an unsuccessful status. In such cases, the elsiocb is not issued, the completion function is not called, and thus...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013490)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013490 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy for BIOS version The strlcat with FORTIFY support is triggering a panic...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011415)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011415 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix ioremap issues in lpfcsli4pcimemsetup When iftype equals zero and...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013028)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013028 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix ioremap issues in lpfcsli4pcimemsetup When iftype equals zero and...