73 matches found
CVE-2025-21738
In the Linux kernel, the following vulnerability has been resolved: ata: libata-sff: Ensure that we cannot write outside the allocated buffer reveliofuzzing reported that a SCSIIOCTLSENDCOMMAND ioctl with outlen set to 0xd42, SCSI command set to ATA16 PASS-THROUGH, ATA command set to ATANOP, and...
CVE-2025-21738 ata: libata-sff: Ensure that we cannot write outside the allocated buffer
In the Linux kernel, the following vulnerability has been resolved: ata: libata-sff: Ensure that we cannot write outside the allocated buffer reveliofuzzing reported that a SCSIIOCTLSENDCOMMAND ioctl with outlen set to 0xd42, SCSI command set to ATA16 PASS-THROUGH, ATA command set to ATANOP, and...
CVE-2025-21738 ata: libata-sff: Ensure that we cannot write outside the allocated buffer
In the Linux kernel, the following vulnerability has been resolved: ata: libata-sff: Ensure that we cannot write outside the allocated buffer reveliofuzzing reported that a SCSIIOCTLSENDCOMMAND ioctl with outlen set to 0xd42, SCSI command set to ATA16 PASS-THROUGH, ATA command set to ATANOP, and...
CVE-2025-21738
CVE-2025-21738 affects the Linux kernel, specifically the SFF/ATA path in libata. The issue can allow a write beyond the allocated buffer in ata_pio_sector() when handling a SCSI_IOCTL_SEND_COMMAND with an ATA_NOP and related conditions, potentially overwriting memory. The description notes that ...
PT-2025-8850
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bug in the Linux kernel allows writing outside the allocated buffer when a specific SCSI IOCTL SEND COMMAND ioctl is used with certain parameters, including out len set to 0xd42, SCSI...
CVE-2024-30212 Microchip Harmony 3 Core library allows read and write access to RAM via a SCSI READ or WRITE command
If a SCSI READ10 command is initiated via USB using the largest LBA 0xFFFFFFFF with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. The same method works to wri...
CVE-2024-26931
A flaw was found in the qla2xxx module in the Linux kernel. A NULL pointer dereference can be triggered when the system is under memory stress and the driver cannot allocate memory to handle the error recovery of cable pull, causing a system crash and a denial of service. Mitigation Mitigation fo...
CVE-2024-26931
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 1 SMP NOPTI CPU: 27...
The vulnerability of the `esp_do_nodma` function in the `hw/scsi/esp.c` file of the QEMU hardware emulation software allows a hacker to cause a service failure.
The vulnerability of the espdonodma function in the hw/scsi/esp.c file of the QEMU hardware emulation software is related to a buffer overflow condition caused by the TI command. This occurs when the expected transfer length without DMA is less than the available data in the FIFO. Exploiting this...
DEBIAN-CVE-2023-52515
In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Do not call scsidone from srpabort After scmdehaborthandler has called the SCSI LLD ehaborthandler callback, it performs one of the following actions: Call scsiqueueinsert. Call scsifinishcommand. Call scsiehscmdadd...
Denial Of Service (DoS)
qemu is vulnerable to Denial of Service DoS. A Division by Zero vulnerability allows local attackers to crash QEMU and the guest operating system by sending a specially crafted SCSI command...
PT-2024-8307 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a use-after-free error in the Linux kernel's SCSI core. This error occurs when the srp exit cmd priv function is called, and it attempts to access resources...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect without triggering this assert.
...
The vulnerability of the ide_dma_cb() function in QEMU’s hardware emulation software lies in its insufficient checking of unusual or exceptional states. This allows a malicious actor to trigger a service failure.
The vulnerability of the idedmacb function in the hardware emulation for various QEMU platforms is related to a bug in the host system, triggered through the special SCSIIOCTLSENDCOMMAND. This bug requires that the size of successfully transferred DMA operations be a multiple of 512 equal to the...
CVE-2019-20175
An issue was discovered in idedmacb in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSIIOCTLSENDCOMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 the size...
DEBIAN-CVE-2019-20175
An issue was discovered in idedmacb in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSIIOCTLSENDCOMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 the size...
Design/Logic Flaw
DISPUTED An issue was discovered in idedmacb in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSIIOCTLSENDCOMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512...
CVE-2019-11885
eyeDisk implements the unlock feature by sending a cleartext password. The password can be discovered by sniffing USB traffic or by sending a 06 05 52 41 01 b0 00 00 00 00 00 00 SCSI command...
Command injection
eyeDisk implements the unlock feature by sending a cleartext password. The password can be discovered by sniffing USB traffic or by sending a 06 05 52 41 01 b0 00 00 00 00 00 00 SCSI command...