CVE-2022-49377

In the Linux kernel, the following vulnerability has been resolved: blk-mq: don't touch -tagset in blkmqgetsqhctx blkmqrunhwqueues could be run when there isn't queued request and after queue is cleaned up, at that time tagset is freed, because tagset lifetime is covered by driver, and often free...

CVE-2024-40642

The netty incubator codec.bhttp is a java language binary http parser. In affected versions the BinaryHttpParser class does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issue...

SUSE-SU-2025:20008-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-41014: xfs: add bounds checking to xlogrecoverprocessdata bsc1228408. - CVE-2024-41013: xfs: do not walk off the end of a directory data block bsc1228405...

CVE-2024-47143 dma-debug: fix a possible deadlock on radix_lock

In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radixlock radixlock shouldn't be held while holding dmahashentryidx.lock otherwise, there's a possible deadlock scenario when dma debug API is called holding rqlock: CPU0 CPU1 CPU2 dmafreeatt...

PT-2025-52661

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description The Linux kernel contains a flaw in the scheduler related to deferred interrupt handling in PREEMPT RT kernels. Specifically, a potential deadlock situation can occur within the deferred...

PT-2026-2878

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's block layer related to request queue freezing within sysfs store callbacks. Freezing the request queue during these callbacks can lead to a deadlock...

kernel: block: fix request.queuelist usage in flush

A vulnerability was found in the Linux kernel's block subsystem, where the issue arises when the request queue list is not properly initialized for the first request in the PREFLUSH/POSTFLUSH sequences, leading to potential kernel crashes due to improper list manipulation...

kernel: scsi: sg: Avoid sg device teardown race

The bug is about a race condition in the Linux kernel's SCSI generic sg driver. The problem occurs during the removal of devices when the driver accesses a resource requestqueue that may have already been freed, leading to a NULL pointer dereference. This issue can result in system crashes,...

SUSE CVE-2024-50082

In the Linux kernel, the following vulnerability has been resolved: blk-rq-qos: fix crash on rqqoswait vs. rqqoswakefunction race We're seeing crashes from rqqoswakefunction that look like this: BUG: unable to handle page fault for address: ffffafe180a40084 PF: supervisor write access in kernel...

kernel: kyber: fix out of bounds access when preempted

In the Linux kernel, the following vulnerability has been resolved: kyber: fix out of bounds access when preempted blkmqschedbiomerge gets the ctx and hctx for the current CPU and passes the hctx to -biomerge. kyberbiomerge then gets the ctx for the current CPU again and uses that to get the...

kernel: kyber: fix out of bounds access when preempted

In the Linux kernel, the following vulnerability has been resolved: kyber: fix out of bounds access when preempted blkmqschedbiomerge gets the ctx and hctx for the current CPU and passes the hctx to -biomerge. kyberbiomerge then gets the ctx for the current CPU again and uses that to get the...

DEBIAN-CVE-2024-41053

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix ufshcdabortone racing issue When ufshcdabortone is racing with the completion ISR, the completed tag of the request's mqhctx pointer will be set to NULL by ISR. Return success when request is completed by ISR...

CVE-2024-40642

The CVE-2024-40642 issue affects the Netty incubator codec.bhttp BinaryHttpParser in affected releases, where readRequestHead mis-validates input values. This grants attackers significant control over HTTP requests constructed from parsed output, enabling injection attacks such as HTTP request sm...

Absent Input Validation in BinaryHttpParser

Summary BinaryHttpParser does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issues individually to perform various injection attacks including HTTP request smuggling, desync...

SUSE CVE-2022-48846

In the Linux kernel, the following vulnerability has been resolved: block: release rq qos structures for queue without disk blkcginitqueue may add rq qos structures to request queue, previously blkcleanupqueue calls rqqosexit to release them, but commit 8e141f9eb803 "block: drain file system I/O ...

UBUNTU-CVE-2022-48846

In the Linux kernel, the following vulnerability has been resolved: block: release rq qos structures for queue without disk blkcginitqueue may add rq qos structures to request queue, previously blkcleanupqueue calls rqqosexit to release them, but commit 8e141f9eb803 "block: drain file system I/O ...

CVE-2022-48846

In the Linux kernel, the following vulnerability has been resolved: block: release rq qos structures for queue without disk blkcginitqueue may add rq qos structures to request queue, previously blkcleanupqueue calls rqqosexit to release them, but commit 8e141f9eb803 "block: drain file system I/O ...

DEBIAN-CVE-2024-40925

In the Linux kernel, the following vulnerability has been resolved: block: fix request.queuelist usage in flush Friedrich Weber reported a kernel crash problem and bisected to commit 81ada09cc25e "blk-flush: reuse rq queuelist in flush state machine". The root cause is that we use...

UBUNTU-CVE-2024-40925

In the Linux kernel, the following vulnerability has been resolved: block: fix request.queuelist usage in flush Friedrich Weber reported a kernel crash problem and bisected to commit 81ada09cc25e "blk-flush: reuse rq queuelist in flush state machine". The root cause is that we use...

UBUNTU-CVE-2021-47412

In the Linux kernel, the following vulnerability has been resolved: block: don't call rqqosops-donebio if the bio isn't tracked rqqos framework is only applied on request based driver, so: 1 rqqosdonebio needn't to be called for bio based driver 2 rqqosdonebio needn't to be called for bio which...