165 matches found
kernel: scsi: qla2xxx: Completely fix fcport double free
A flaw was found in the Linux kernel's qla2xxx SCSI driver. An issue exists where a Fibre Channel port fcport object can be freed twice due to an error in the qla2x00elsdcmdspfree function. This double free vulnerability can lead to memory corruption, potentially causing system instability or a...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Fixed a crash that occurred during module load/unload tests. During purex packet handling, the driver incorrectly freed a pre-allocated structure. This issue was fixed by skipping that specific entry in the code...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Fixed premature hardware access after a PCI error After a recoverable PCI error is detected and resolved, the qla driver needs to check whether the error condition still exists and/or wait for the operating syst...
kernel: Linux kernel (qla2xxx): Double free vulnerability leads to denial of service and potential privilege escalation.
A flaw was found in the Linux kernel's qla2xxx block SCSI generic bsg interface. This vulnerability, a double free, occurs because certain vendor-specific handlers incorrectly call the bsgjobdone function on both successful and failed operation paths. A local user could exploit this to trigger...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Synchronize the IOCB count to be in order A system hang was observed with the following call trace: BUG: Kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP NOPTI CPU: 15...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Perform lockless command completion in the abort path When adding or removing controllers, the following call trace was observed: WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dmafree attrs+0x33/0x50 CPU:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Fixing the deletion race condition A system crash occurs when using the debug kernel due to corruption of the link list. The cause of the link list corruption is that session deletion was allowed to occur twice...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use rawsmpprocessorid instead of smpprocessorid. The following call trace was observed: localhost kernel: nvme nvme0: NVME-FC0: controller connect complete localhost kernel: BUG: Using smpprocessorid in preemptible...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Unused nvmelswaitq wait queue has been removed. A system crash occurs when qla2x00startspsp returns an error code EGAIN, and the wakeup function is called for an uninitialized wait queue sp-nvmelswaitq. - qla2xx...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fixed the DMA-API call trace for NVMe LS requests. The following message and call trace were observed with debug kernels: DMA-API: qla2xxx 0000:41:00.0: The device driver failed to check the map error device...
ALSA-2026:19568 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit CVE-2025-39766 kernel: scsi: qla2xxx: Fix improper freeing of purex item CVE-2025-68741 kernel: libceph: make decodepool...
CVE-2026-43414
A flaw was found in the Linux kernel's qla2xxx SCSI driver. An issue exists where a Fibre Channel port fcport object can be freed twice due to an error in the qla2x00elsdcmdspfree function. This double free vulnerability can lead to memory corruption, potentially causing system instability or a...
AlmaLinux 10 : kernel (ALSA-2026:9264)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:9264 advisory. kernel: net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit CVE-2025-39766 kernel: scsi: qla2xxx: Fix improper freeing of purex item...
Oracle Linux 8 : kernel (ELSA-2026-9131)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-9131 advisory. - dlm: prevent NPD when writing a positive value to eventdone Alexander Aring RHEL-136236 CVE-2025-23131 - scsi: qla2xxx: Fix improper freeing of purex...
kernel: scsi: qla2xxx: Fix improper freeing of purex item
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxxprocesspurlsiocb, an item is allocated via qla27xxcopymultiplepkt, which internally calls qla24xxallocpurexitem. The qla24xxallocpurexitem function may return a...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013219)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013219 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Check valid rport returned by fcbsgtorport Klocwork reported warning of rport mayb...
ALSA-2026:9135 Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: scsi: qla2xxx: Fix improper freeing of purex item CVE-2025-68741 kernel: ALSA: aloop: Fix racy access at PCM trigger CVE-2026-2319...
Oracle Linux 10 : kernel (ELSA-2026-6053)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6053 advisory. - scsi: qla2xxx: Fix bsgdone causing double free Ewan D. Milne RHEL-153413 CVE-2025-71238 Tenable has extracted the preceding description block direct...
scsi: qla2xxx: Fix bsg_done() causing double free
...
DEBIAN-CVE-2025-71238
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsgdone causing double free Kernel panic observed on system, 5353358.825191 BUG: unable to handle page fault for address: ff5f5e897b024000 5353358.825194 PF: supervisor write access in kernel mode 5353358.82519...