48 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: scsi: mpt3sas: Fixed a memory leak Added a forgotten kfree function...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: scsi: mpt3sas: A kernel panic occurred during the drive powercycle test. While iterating through Shost’s sdev list, it is possible that one of the drives is being removed, and its sas_target object is freed, but its sdev object...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fixed a crash that occurred during the transport_port_remove function, by using ioc_info. During this function, messages were logged via dev_printk regarding &mpt3sas_port->port->dev. At this point, the SAS transport devi...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: A fix was made for NULL pointer access in mpt3sas_transport_port_add. The port is allocated using sas_port_alloc_num, and rphy is allocated either through sas_end_device_alloc or sas_expander_alloc. Both of these functions ma...
Linux Distros Unpatched Vulnerability : CVE-2026-46105
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: mpt3sas: Limit NVMe request size to 2 MiB The HBA firmware reports NVMe MDTS values based on the underlying drive capability. However, because the driver...
CVE-2026-46105
A flaw was found in the mpt3sas driver within the Linux kernel. This vulnerability allows for oversized Non-Volatile Memory Express (NVMe) input/output (I/O) operations due to improper size limitations. An attacker or a malicious NVMe device could exploit this by issuing I/O requests that exceed the...
CVE-2026-46105 scsi: mpt3sas: Limit NVMe request size to 2 MiB
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Limit NVMe request size to 2 MiB The HBA firmware reports NVMe MDTS values based on the underlying drive capability. However, because the driver allocates a fixed 4K buffer for the PRP list, accommodating at most 5...
CVE-2026-46105
CVE-2026-46105 affects the Linux kernel mpt3sas SCSI driver. The driver allocates a fixed 4K PRP list buffer, which caps the maximum NVMe I/O transfer size at 2 MiB. The HBA firmware reports NVMe MDTS, but the mismatch with the 2 MiB limit can lead to oversized I/O requests and potentially a kern...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an improper limit on NVMe request sizes in the mpt3sas driver. This vulnerability may lead to...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011261)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011261 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info During...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010966)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010966 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix a memory leak Add a forgotten kfree. Tenable has extracted the preceding...
OESA-2026-1078 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info During mpt3sas_transport_port_remove, messages were logged with dev_printk against...
OESA-2026-1073 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info During mpt3sas_transport_port_remove, messages were logged with dev_printk against...
CVE-2025-40115
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info During mpt3sas_transport_port_remove, messages were logged with dev_printk against &mpt3sas_port->port->dev. At this point the SAS transport device may already be...
PT-2025-41037
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc1+ 189 Description The Linux kernel contains a flaw within the mpt3sas transport port add function in the SCSI subsystem. Specifically, if sas_rphy_add fails, the necessary resource freeing via sas rphy...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986319)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986319 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix kernel panic during drive powercycle test While looping over shost's sdev list...
EUVD-2025-31885
Malicious code in bioql PyPI...
EUVD-2022-55122
Malicious code in bioql PyPI...
PT-2025-40219
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak was resolved in the SCSI subsystem related to the mpt3sas driver. The issue was addressed by adding a missing kfree function call. Recommendations At the moment, there is n...
PT-2025-46590
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.16.0-rc1+ 1 Description The Linux kernel contained a flaw in the mpt3sas driver where a crash could occur during the removal of a transport port. This was due to logging messages with dev_printk against a SAS...