Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fixed a use-after-free in pm8001queuecommand The commit e29c47fe8946 “scsi: pm8001: Simplified pm8001taskexec” includes refactoring efforts for pm8001queuecommand. However, this code introduces a potential cause of ...

CVE-2026-23355 ata: libata: cancel pending work after clearing deferred_qc

In the Linux kernel, the following vulnerability has been resolved: ata: libata: cancel pending work after clearing deferredqc Syzbot reported a WARNON in atascsideferredqcwork, caused by ap-ops-qcdefer returning non-zero before issuing the deferred qc. atascsischeduledeferredqc is called during...

CVE-2026-23306 scsi: pm8001: Fix use-after-free in pm8001_queue_command()

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free in pm8001queuecommand Commit e29c47fe8946 "scsi: pm8001: Simplify pm8001taskexec" refactors pm8001queuecommand, however it introduces a potential cause of a double free scenario when it changes th...

CVE-2026-23306

The CVE-2026-23306 issue affects Linux kernel SCSI pm8001 code. A refactor of pm8001_queue_command() to return -ENODEV in phy-down/device-gone states could inadvertently free the SAS task twice: pm8001_queue_command() would free the underlying SAS task, then libsas sas_ata_qc_issue() would attemp...

PT-2026-27720

In the Linux kernel, the following vulnerability has been resolved: ata: libata: cancel pending work after clearing deferred qc Syzbot reported a WARN ON in ata scsi deferred qc work, caused by ap-ops-qc defer returning non-zero before issuing the deferred qc. ata scsi schedule deferred qc is...

PT-2026-27671

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a use-after-free issue within the pm8001 queue command function related to SAS task handling. A commit intended to simplify the function introduced a double-fre...

Linux Distros Unpatched Vulnerability : CVE-2023-53510

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: ufs: core: Fix handling of lrbp-cmd ufshcdqueuecommand may be called two times in a row for a SCSI command before it is completed. Hence make the followin...

CVE-2024-35833

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA This dmaalloccoherent is undone neither in the remove function, nor in the error handling path of fslqdmaprobe. Switch to the managed version to fix both...

CVE-2024-35833 dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA This dmaalloccoherent is undone neither in the remove function, nor in the error handling path of fslqdmaprobe. Switch to the managed version to fix both...

SUSE CVE-2021-46963

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash in qla2xxxmqueuecommand RIP: 0010:kmemcachefree+0xfa/0x1b0 Call Trace: qla2xxxmqueuecommand+0x2b5/0x2c0 qla2xxx scsiqueuerq+0x5e2/0xa40 blkmqtryissuedirectly+0x128/0x1d0 blkmqrequestissuedirectly+0x4e/0xb...

CVE-2018-11134

In order to perform actions that requires higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue managed that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password including root. A...