125 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-38264
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvme-tcp: sanitize request list handling Validate the request in nvmetcphandler2t to ensure it's not part of any list, otherwise a malicious R2T PDU might injec...
nvme-rdma: unquiesce admin_q before destroy it
...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from nvme-tcp unvalidated request lists, which could lead to a request processing loop...
Vulnerabilities of components such as drivers, NVMe, and host kernels of the Linux operating system, which allow attackers to cause service failures
The vulnerability of components such as drivers, NVMe, and host kernels in the Linux operating system is related to errors during thread blocking. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the `nvme_loop_create_ctrl()` function in the drivers/nvme/target/loop.c module of the Linux operating system allows a hacker to gain access to protected information.
The vulnerability of the nvmeloopcreatectrl function in the drivers/nvme/target/loop.c module of the Linux operating system is related to improper memory release before deleting the last reference „memory leak“. Exploiting this vulnerability may allow an attacker to access protected information...
Important: kernel-livepatch-6.1.134-152.225
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix potential memory corruption in nvmetcprecvpdu CVE-2025-21927 Affected Packages: kernel-livepatch-6.1.134-152.225 Issue Correction: Please ensure you have live patching enabled. Run dnf update...
The vulnerability in the `drivers/nvme/host/rdma.c` driver of the Linux operating system’s NVMe kernel allows a hacker to cause a service failure.
The vulnerability in the drivers/nvme/host/rdma.c file of the Linux operating system’s NVMe kernel driver is related to insufficient handling of exception states. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
kernel: nvme-rdma: unquiesce admin_q before destroy it
In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: unquiesce adminq before destroy it Kernel will hang on destroy adminq while we create ctrl failed, such as following calltrace: PID: 23644 TASK: ff2d52b40f439fc0 CPU: 2 COMMAND: "nvme" 0 ff61d23de260fb78 schedule at...
The vulnerability of the nvme_stop_ctrl() function in the Linux kernel driver for NVME support allows a attacker to cause a service failure.
The vulnerability of the nvmestopctrl function in the Linux kernel driver for NVME storage devices is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to cause a service failure...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: deferring partition scanning. We need to prevent the partition scanning from occurring within the controller’s scanwork context. If a path error occurs here, I/O operations will wait until a path becomes available...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fixed the issue of freeing the HMB descriptor table. The HMB descriptor table is sized based on the maximum number of descriptors that can be used for a given device. However, nvmeallochostmem might break out of the loo...
nvme-multipath: defer partition scanning
...
nvme: tcp: avoid race between queue_lock lock and destroy
...
SUSE CVE-2024-56632
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix the memleak while create new ctrl failed Now while we create new ctrl failed, we have not free the tagset occupied by adminq, here try to fix it...
UBUNTU-CVE-2024-56756
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix freeing of the HMB descriptor table The HMB descriptor table is sized to the maximum number of descriptors that could be used for a given device, but nvmeallochostmem could break out of the loop earlier on memory...
The vulnerability of the nvme_rdma_free_queue() function in the Linux operating system’s NVMe driver allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the nvmerdmafreequeue function in the drivers/nvme/host/rdma.c file of the Linux NVMe kernel driver is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibilit...
kernel: nvme-tcp: fix UAF when detecting digest errors
A use-after-free vulnerability was found in the Linux kernel in drivers/nvme/host/tcp.c in nvmetcpiowork. This issue can occur when a local user continues to read data after the connection finishes. This flaw allows a malicious user to cause a use-after-free problem...
PT-2024-35566 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.65 Description: The issue arises from the nvme keep-alive operation, which could potentially cause a race between the fabric controller admin queue destroy code path and the hw/hctx queue dispatcher. This ra...
SUSE CVE-2024-50135
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix race condition between reset and nvmedevdisable nvmedevdisable modifies the dev-onlinequeues field, therefore nvmepciupdatenrqueues should avoid racing against it, otherwise we could end up passing invalid values to...
The vulnerability of the nvme_directive_receive() function in the NVMe emulator virtual device of the QEMU hardware infrastructure, which allows a hacker to trigger a service failure.
The vulnerability of the nvmedirectivereceive function in the NVMe virtual device emulator for QEMU hardware infrastructure is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to trigger a service failure...