Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fixed a use-after-free issue related to aborted SSP/STP sastask operations. Currently, a use-after-free might occur if an sastask is aborted by the upper layer before we handle the I/O completion in functions like...

scsi: pm8001: Fix use-after-free in pm8001_queue_command()

...

CVE-2026-23306

A flaw was found in the Linux kernel, specifically within the pm8001 SCSI driver and the libsas library. An incorrect return value in the pm8001queuecommand function, when a physical device is down or gone, can lead to a double free vulnerability. This occurs because the function frees a Serial...

EUVD-2026-15246

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free in pm8001queuecommand Commit e29c47fe8946 "scsi: pm8001: Simplify pm8001taskexec" refactors pm8001queuecommand, however it introduces a potential cause of a double free scenario when it changes th...

CVE-2026-23306

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free in pm8001queuecommand Commit e29c47fe8946 "scsi: pm8001: Simplify pm8001taskexec" refactors pm8001queuecommand, however it introduces a potential cause of a double free scenario when it changes th...

UBUNTU-CVE-2026-23306

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free in pm8001queuecommand Commit e29c47fe8946 "scsi: pm8001: Simplify pm8001taskexec" refactors pm8001queuecommand, however it introduces a potential cause of a double free scenario when it changes th...

CVE-2026-23306

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free in pm8001queuecommand Commit e29c47fe8946 "scsi: pm8001: Simplify pm8001taskexec" refactors pm8001queuecommand, however it introduces a potential cause of a double free scenario when it changes th...

Linux Distros Unpatched Vulnerability : CVE-2022-50818

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: pm8001: Fix runningreq for internal abort commands Disabling the remote phy for a SATA disk causes a hang: root@none$ more...

CVE-2025-40118

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Since commit f7b705c238d1 "scsi: pm80xx: Set phyattached to zero when device is gone" UBSAN reports: UBSAN: array-index-out-of-bounds in drivers/scsi/pm8001/pm8001sas.c:786:...

CVE-2025-40118

CVE-2025-40118 is a Linux kernel vulnerability in the SCSI subsystem (pm80xx/pm8001) where rmmod could trigger an UBSAN array-index-out-of-bounds. The issue occurs when a device behind an expander has an attached_phy value that can exceed the local pm8001 PHY count, causing code to index pm8001_h...

Linux Distros Unpatched Vulnerability : CVE-2025-40118

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Since commit f7b705c238d1 scsi: pm80xx: Set phyattached to zero when device is gone UBSAN reports: UBSAN...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989519)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989519 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Do not call scsiremovehost in pm8001alloc Calling scsiremovehost before scsiaddhost...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990055)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990055 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sastask Currently a use-after-free may occur...

DEBIAN-CVE-2022-49121

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix tag leaks on error In pm8001chipsetdevstatereq, pm8001chipfwflashupdatereq, pm80xxchipphyctlreq and pm8001chipregdevreq add missing calls to pm8001tagfree to free the allocated tag when pm8001mpibuildcmd fails...

DEBIAN-CVE-2022-48792

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sastask Currently a use-after-free may occur if a sastask is aborted by the upper layer before we handle the I/O completion in mpisspcompletion or mpisatacompletion. In this...

CVE-2022-48791

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sastask Currently a use-after-free may occur if a TMF sastask is aborted before we handle the IO completion in mpisspcompletion. The abort occurs due to timeout. When the timeout...