34 matches found
SUSE CVE-2026-45997
In the Linux kernel, the following vulnerability has been resolved: scsi: sd: fix missing putdisk when deviceadd&diskdev fails If deviceadd&sdkp-diskdev fails, putdevice runs scsidiskrelease, which frees the scsidisk but leaves the gendisk referenced. The deviceadddisk error path in sdprobe calls...
CVE-2026-45997
A flaw was found in the Linux kernel's SCSI disk sd driver. When adding a new device, a failure in deviceadd can lead to a resource leak where a gendisk remains referenced but is not properly freed. This missing cleanup, specifically the putdisk call, can result in resource exhaustion. A local...
CVE-2026-45997
In the Linux kernel, the following vulnerability has been resolved: scsi: sd: fix missing putdisk when deviceadd&diskdev fails If deviceadd&sdkp-diskdev fails, putdevice runs scsidiskrelease, which frees the scsidisk but leaves the gendisk referenced. The deviceadddisk error path in sdprobe calls...
EUVD-2026-32293
In the Linux kernel, the following vulnerability has been resolved: scsi: sd: fix missing putdisk when deviceadd&diskdev fails If deviceadd&sdkp-diskdev fails, putdevice runs scsidiskrelease, which frees the scsidisk but leaves the gendisk referenced. The deviceadddisk error path in sdprobe calls...
Linux Distros Unpatched Vulnerability : CVE-2026-45997
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: sd: fix missing putdisk when deviceadd&diskdev fails If deviceadd&sdkp-diskdev fails, putdevice runs scsidiskrelease, which frees the scsidisk but leaves...
Astra Linux - уязвимость в qemu
QEMU through 8.0.0 could trigger a division by zero in scsidiskreset in hw/scsi/scsi-disk.c because scsidiskemulatemodeselect does not prevent s-qdev.blocksize from being 256. This stops QEMU and the guest immediately...
Azure Linux 3.0 Security Update: qemu (CVE-2023-42467)
The version of qemu installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-42467 advisory. - QEMU through 8.0.0 could trigger a division by zero in scsidiskreset in hw/scsi/scsi-disk.c because...
EUVD-2018-4845
Malware in sbrugna...
DEBIAN-CVE-2023-52974
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Fix UAF during login when accessing the shost ipaddress If during iscsiswtcpsessioncreate iscsitcpr2tpoolalloc fails, userspace could be accessing the host's ipaddress attr. If we then free the session via...
DEBIAN-CVE-2022-49376
In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fix potential NULL pointer dereference If sdprobe sees an early error before sdkp-device is initialized, sdzbcreleasedisk is called. This causes a NULL pointer dereference when sdiszoned is called inside that function...
CVE-2022-49376
CVE-2022-49376 affects the Linux kernel SCSI subsystem (sd driver). The issue arises when sd_probe() hits an early error before sdkp->device is initialized, leading to a NULL pointer dereference inside sd_is_zoned() due to an unintended call to sd_zbc_release_disk(). The fix removes the sd_zbc...
CVE-2022-49376 scsi: sd: Fix potential NULL pointer dereference
In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fix potential NULL pointer dereference If sdprobe sees an early error before sdkp-device is initialized, sdzbcreleasedisk is called. This causes a NULL pointer dereference when sdiszoned is called inside that function...
CVE-2024-53170
In the Linux kernel, the following vulnerability has been resolved: block: fix uaf for flush rq while iterating tags blkmqclearflushrqmapping is not called during scsi probe, by checking blkqueueinitdone. However, QUEUEFLAGINITDONE is cleared in delgendisk by commit aec89dc5d421 "block: keep...
Oracle Linux 9 : qemu-kvm (ELSA-2024-12407)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12407 advisory. - ui/clipboard: add asserts for update and request Fiona Ebner Orabug: 36323175 CVE-2023-6683 - ui/clipboard: mark type as not available when there is...
CVE-2021-47552 blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release()
In the Linux kernel, the following vulnerability has been resolved: blk-mq: cancel blk-mq dispatch work in both blkcleanupqueue and diskrelease For avoiding to slow down queue destroy, we don't call blkmqquiescequeue in blkcleanupqueue, instead of delaying to cancel dispatch work in...
SUSE CVE-2023-42467
QEMU through 8.0.0 could trigger a division by zero in scsidiskreset in hw/scsi/scsi-disk.c because scsidiskemulatemodeselect does not prevent s-qdev.blocksize from being 256. This stops QEMU and the guest immediately...
CVE-2023-42467
QEMU through 8.0.0 could trigger a division by zero in scsidiskreset in hw/scsi/scsi-disk.c because scsidiskemulatemodeselect does not prevent s-qdev.blocksize from being 256. This stops QEMU and the guest immediately...
DEBIAN-CVE-2023-42467
QEMU through 8.0.0 could trigger a division by zero in scsidiskreset in hw/scsi/scsi-disk.c because scsidiskemulatemodeselect does not prevent s-qdev.blocksize from being 256. This stops QEMU and the guest immediately...
CVE-2023-42467
QEMU through 8.0.0 could trigger a division by zero in scsidiskreset in hw/scsi/scsi-disk.c because scsidiskemulatemodeselect does not prevent s-qdev.blocksize from being 256. This stops QEMU and the guest immediately...
AZL-35172 CVE-2023-42467 affecting package qemu for versions less than 8.2.0-1
QEMU through 8.0.0 could trigger a division by zero in scsidiskreset in hw/scsi/scsi-disk.c because scsidiskemulatemodeselect does not prevent s-qdev.blocksize from being 256. This stops QEMU and the guest immediately...