Lucene search
K

73 matches found

NVD
NVD
added 2025/02/27 3:15 a.m.8 views

CVE-2025-21738

In the Linux kernel, the following vulnerability has been resolved: ata: libata-sff: Ensure that we cannot write outside the allocated buffer reveliofuzzing reported that a SCSIIOCTLSENDCOMMAND ioctl with outlen set to 0xd42, SCSI command set to ATA16 PASS-THROUGH, ATA command set to ATANOP, and...

5.5CVSS0.00197EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/02/27 2:12 a.m.15 views

CVE-2025-21738 ata: libata-sff: Ensure that we cannot write outside the allocated buffer

In the Linux kernel, the following vulnerability has been resolved: ata: libata-sff: Ensure that we cannot write outside the allocated buffer reveliofuzzing reported that a SCSIIOCTLSENDCOMMAND ioctl with outlen set to 0xd42, SCSI command set to ATA16 PASS-THROUGH, ATA command set to ATANOP, and...

0.00197EPSS
Exploits0References5
OSV
OSV
added 2025/02/27 2:12 a.m.12 views

CVE-2025-21738 ata: libata-sff: Ensure that we cannot write outside the allocated buffer

In the Linux kernel, the following vulnerability has been resolved: ata: libata-sff: Ensure that we cannot write outside the allocated buffer reveliofuzzing reported that a SCSIIOCTLSENDCOMMAND ioctl with outlen set to 0xd42, SCSI command set to ATA16 PASS-THROUGH, ATA command set to ATANOP, and...

5.5CVSS6.7AI score0.00197EPSS
Exploits0References9
CVE
CVE
added 2025/02/27 2:12 a.m.116 views

CVE-2025-21738

CVE-2025-21738 affects the Linux kernel, specifically the SFF/ATA path in libata. The issue can allow a write beyond the allocated buffer in ata_pio_sector() when handling a SCSI_IOCTL_SEND_COMMAND with an ATA_NOP and related conditions, potentially overwriting memory. The description notes that ...

5.5CVSS6.7AI score0.00197EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/28 12:0 a.m.4 views

PT-2025-8850

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bug in the Linux kernel allows writing outside the allocated buffer when a specific SCSI IOCTL SEND COMMAND ioctl is used with certain parameters, including out len set to 0xd42, SCSI...

5.5CVSS6.8AI score0.00197EPSS
Exploits0
OSV
OSV
added 2024/05/28 4:7 p.m.20 views

CVE-2024-30212 Microchip Harmony 3 Core library allows read and write access to RAM via a SCSI READ or WRITE command

If a SCSI READ10 command is initiated via USB using the largest LBA 0xFFFFFFFF with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. The same method works to wri...

7CVSS6AI score0.00568EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2024/05/01 7:18 p.m.24 views

CVE-2024-26931

A flaw was found in the qla2xxx module in the Linux kernel. A NULL pointer dereference can be triggered when the system is under memory stress and the driver cannot allocate memory to handle the error recovery of cable pull, causing a system crash and a denial of service. Mitigation Mitigation fo...

5.1CVSS7.7AI score0.00254EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2024/05/01 5:17 a.m.25 views

CVE-2024-26931

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 1 SMP NOPTI CPU: 27...

5.5CVSS8.1AI score0.00254EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/04/25 12:0 a.m.7 views

The vulnerability of the `esp_do_nodma` function in the `hw/scsi/esp.c` file of the QEMU hardware emulation software allows a hacker to cause a service failure.

The vulnerability of the espdonodma function in the hw/scsi/esp.c file of the QEMU hardware emulation software is related to a buffer overflow condition caused by the TI command. This occurs when the expected transfer length without DMA is less than the available data in the FIFO. Exploiting this...

8.2CVSS7AI score0.01397EPSS
Exploits1References8Affected Software4
OSV
OSV
added 2024/03/02 10:15 p.m.1 views

DEBIAN-CVE-2023-52515

In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Do not call scsidone from srpabort After scmdehaborthandler has called the SCSI LLD ehaborthandler callback, it performs one of the following actions: Call scsiqueueinsert. Call scsifinishcommand. Call scsiehscmdadd...

7.8CVSS5.6AI score0.0023EPSS
Exploits0References1
Veracode
Veracode
added 2023/10/09 2:34 p.m.36 views

Denial Of Service (DoS)

qemu is vulnerable to Denial of Service DoS. A Division by Zero vulnerability allows local attackers to crash QEMU and the guest operating system by sending a specially crafted SCSI command...

5.5CVSS6.3AI score0.00376EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/01 12:0 a.m.2 views

PT-2024-8307 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a use-after-free error in the Linux kernel's SCSI core. This error occurs when the srp exit cmd priv function is called, and it attempts to access resources...

9.1CVSS6.6AI score0.07693EPSS
Exploits15References1390
RedHat Linux
RedHat Linux
added 2021/04/08 7:31 a.m.281 views

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.8CVSS6.7AI score0.02079EPSS
Exploits3References4
Microsoft CVE
Microsoft CVE
added 2020/08/18 7:0 a.m.5 views

An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect without triggering this assert.

...

7.5CVSS8.2AI score0.03355EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2020/04/14 12:0 a.m.4 views

The vulnerability of the ide_dma_cb() function in QEMU’s hardware emulation software lies in its insufficient checking of unusual or exceptional states. This allows a malicious actor to trigger a service failure.

The vulnerability of the idedmacb function in the hardware emulation for various QEMU platforms is related to a bug in the host system, triggered through the special SCSIIOCTLSENDCOMMAND. This bug requires that the size of successfully transferred DMA operations be a multiple of 512 equal to the...

7.3CVSS7.2AI score0.03355EPSS
Exploits1References11Affected Software3
OSV
OSV
added 2019/12/31 4:15 a.m.4 views

CVE-2019-20175

An issue was discovered in idedmacb in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSIIOCTLSENDCOMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 the size...

7.5CVSS6.4AI score
Exploits0References5
OSV
OSV
added 2019/12/31 4:15 a.m.2 views

DEBIAN-CVE-2019-20175

An issue was discovered in idedmacb in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSIIOCTLSENDCOMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 the size...

7.5CVSS7.6AI score0.03355EPSS
Exploits1References1
Prion
Prion
added 2019/12/31 4:15 a.m.23 views

Design/Logic Flaw

DISPUTED An issue was discovered in idedmacb in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSIIOCTLSENDCOMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512...

5CVSS7.1AI score0.03355EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2019/05/12 2:29 p.m.22 views

CVE-2019-11885

eyeDisk implements the unlock feature by sending a cleartext password. The password can be discovered by sniffing USB traffic or by sending a 06 05 52 41 01 b0 00 00 00 00 00 00 SCSI command...

6.8CVSS6.7AI score0.00429EPSS
Exploits1References1
Prion
Prion
added 2019/05/12 2:29 p.m.15 views

Command injection

eyeDisk implements the unlock feature by sending a cleartext password. The password can be discovered by sniffing USB traffic or by sending a 06 05 52 41 01 b0 00 00 00 00 00 00 SCSI command...

2.1CVSS6.8AI score0.00429EPSS
Exploits1References1
Rows per page
Query Builder