SAS/Internet 9.4 1520 - Local File Inclusion

SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library included by default in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fixed possible resource leaks in mpt3sastransportportadd. In mpt3sastransportportadd, if sasrphyadd returns an error, sasrphyfree must be called to free the resources allocated in sasenddevicealloc. Otherwise, a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fixed the memory leak in sashba.phy in mpi3mrremove. Released mrioc-sashba.phy during .remove...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: mpt3sas: A kernel panic occurred during the drive powercycle test. While iterating through Shost’s sdev list, it is possible that one of the drives is being removed, and its sastarget object is freed, but its sdev object...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021550)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021550 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix possible resource leaks in mpt3sastransportportadd In mpt3sastransportportadd,...

SUSE CVE-2026-43413

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Fix NULL pointer exception during userscan userscan invokes updated sasuserscan for channel 0, and if successful, iteratively scans remaining channels 1 to shost-maxchannel via scsiscanhostselected in commit...

EUVD-2026-28719

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Fix NULL pointer exception during userscan userscan invokes updated sasuserscan for channel 0, and if successful, iteratively scans remaining channels 1 to shost-maxchannel via scsiscanhostselected in commit...

CVE-2026-43413

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Fix NULL pointer exception during userscan userscan invokes updated sasuserscan for channel 0, and if successful, iteratively scans remaining channels 1 to shost-maxchannel via scsiscanhostselected in commit...

CVE-2026-43413

The CVE-2026-43413 entry concerns the Linux kernel HISI_SAS SCSI driver where user_scan() can trigger a NULL pointer dereference when scanning an unsupported channel (multi-channel scan path triggers for channel 1 even though hisi_sas supports only one channel). The exploit path is a NULL derefer...

PT-2026-39074

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer exception occurs in the hisi sas driver during the execution of the user scan function. The user scan function calls sas user scan for channel 0 and then attempts to...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: scsi: megaraidsas: Fixed an invalid node index issue. On systems with DRAM interleave enabled, out-of-bound access was detected: megaraidsas 0000:3f:00.0: Requested/available msix 128/128 pollqueue 0 ------------ Cut here...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Set debugfsdir pointer to NULL after removing debugfs If init debugfs failed during device registration due to memory allocation failure, debugfsremoverecursive is called, after which debugfsdir is not set to NULL...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: megaraidsas: A resource leak has been fixed in case of probe failures. The driver does not properly clean up all allocated resources when the scsiaddhost or megasasstartaen functions fail during the PCI device probe. All...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: scsitransportsas: Fixed error handling in sasphyadd. If transportadddevice fails in sasPhyadd, the kernel may crash when trying to delete the device using transportremovedevice, which is called from sasremovehost. The kerne...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix runningreq for internal abort commands Disabling the remote phy for a SATA disk causes a hang: root@none$ more /sys/class/sasphy/phy-0:0:8/targetportprotocols sata root@none$ echo 0...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Bad drive in topology results kernel crash When the SAS Transport Layer support is enabled and a device exposed to the OS by the driver fails INQUIRY commands, the driver frees up the memory allocated for an interna...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Free irq vectors in order for v3 HW If the driver probe fails to request the channel IRQ or fatal IRQ, the driver will free the IRQ vectors before freeing the IRQs in freeirq, and this will cause a kernel BUG like...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitize numphys Information is stored in mrsasport-phymask. Values that are larger than the size of this field should not be allowed...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: A use-after-free issue has been fixed for aborted TMF sastask instances. Currently, a use-after-free might occur if a TMF sastask is aborted before we handle the I/O completion in mpisspcompletion. The abort occurs...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013762)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013762 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Grab sasdev lock when traversing the members of sasdev.list When freeing slots in...