SAS/Internet 9.4 1520 - Local File Inclusion

SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library included by default in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fixed possible resource leaks in mpt3sastransportportadd. In mpt3sastransportportadd, if sasrphyadd returns an error, sasrphyfree must be called to free the resources allocated in sasenddevicealloc. Otherwise, a...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fixed a use-after-free issue related to aborted TMF sastask. Currently, a use-after-free might occur if the TMF sastask is aborted before we handle the I/O completion in mpisspcompletion. This abort occurs due to a...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021550)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021550 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix possible resource leaks in mpt3sastransportportadd In mpt3sastransportportadd,...

SUSE CVE-2026-43413

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Fix NULL pointer exception during userscan userscan invokes updated sasuserscan for channel 0, and if successful, iteratively scans remaining channels 1 to shost-maxchannel via scsiscanhostselected in commit...

EUVD-2026-28719

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Fix NULL pointer exception during userscan userscan invokes updated sasuserscan for channel 0, and if successful, iteratively scans remaining channels 1 to shost-maxchannel via scsiscanhostselected in commit...

CVE-2026-43413

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Fix NULL pointer exception during userscan userscan invokes updated sasuserscan for channel 0, and if successful, iteratively scans remaining channels 1 to shost-maxchannel via scsiscanhostselected in commit...

CVE-2026-43413

The CVE-2026-43413 entry concerns the Linux kernel HISI_SAS SCSI driver where user_scan() can trigger a NULL pointer dereference when scanning an unsupported channel (multi-channel scan path triggers for channel 1 even though hisi_sas supports only one channel). The exploit path is a NULL derefer...

PT-2026-39074

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer exception occurs in the hisi sas driver during the execution of the user scan function. The user scan function calls sas user scan for channel 0 and then attempts to...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: mpt3sas: A kernel panic occurred during the drive powercycle test. While iterating through Shost’s sdev list, it is possible that one of the drives is being removed, and its sastarget object is freed, but its sdev object...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: megaraidsas: A resource leak has been fixed in case of probe failures. The driver does not properly clean up all allocated resources when the scsiaddhost or megasasstartaen functions fail during the PCI device probe. All...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: A bad drive in the topology can result in a kernel crash. When the SAS Transport Layer support is enabled and a device is exposed to the operating system through the driver, if INQUIRY commands fail, the driver...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fixed the sashba.phy memory leak in mpi3mrremove Released mrioc-sashba.phy at .remove...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: scsitransportsas: Fixed error handling in sasPhyadd. If transportadddevice fails in sasPhyadd, the kernel may crash when trying to delete the device using transportRemoveDevice, which is called from sasRemoveHost. The kerne...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Freeing irq vectors in order for v3 HW If the driver probe fails to request the channel IRQ or fatal IRQ, the driver will free the IRQ vectors before freeing the IRQs in freeirq, and this will cause a kernel BUG li...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: The pointer to debugfsdir is set to NULL after removing debugfs. If init debugfs fails during device registration due to a memory allocation failure, the function debugfsremoverecursive is called. However, debugfsd...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: pm8001: Fixed the runningreq for internal abort commands Disabling the remote PHY for a SATA disk causes a hang: bash root@none$ more /sys/class/sasPhy/phy-0:0:8/targetPortProtocols sata root@none$ echo 0...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013762)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013762 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Grab sasdev lock when traversing the members of sasdev.list When freeing slots in...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006918)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006918 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix possible resource leaks in mpt3sastransportportadd In mpt3sastransportportadd,...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010778)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010778 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix possible resource leaks in mpt3sastransportportadd In mpt3sastransportportadd,...