
21 matches found

Tenable Nessus
added 2026/04/21 12:0 a.m. | 6 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010828)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010828 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Do not sleep in atomic context. sg_finish_rem_req() calls blk_rq_unmap_user(). The latter function...

AI score 5.8 | EPSS 0.00058
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/27 12:0 a.m. | 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005196)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005196 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sg_release(). Fix a use-after-free bug in sg_release(), detect...

CVSS 7.8 | AI score 6.8 | EPSS 0.00021
Exploits: 0 | References: 3

CVE
added 2025/12/04 4:8 p.m. | 9 views

CVE-2025-40259

CVE-2025-40259 : In the Linux kernel, the sg (SCSI generic) driver could sleep in atomic context via sg_finish_rem_req() -> blk_rq_unmap_user(). The fix calls sg_finish_rem_req() with interrupts enabled to prevent sleeping in atomic context. Multiple advisories (Debian DLA-4436-1; Amazon Linux...

AI score 6.2 | EPSS 0.00058
Exploits: 0 | References: 8

Tenable Nessus
added 2025/08/15 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-14991

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel...

CVSS 5.5 | AI score 6.4 | EPSS 0.00056
Exploits: 0 | References: 2

OSV
added 2025/06/18 11:15 a.m. | 0 views

UBUNTU-CVE-2022-50215

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed device. When a SCSI device is removed while in active use, currently sg will immediately return -ENODEV on any attempt to wait for active commands that were sent before t...

CVSS 5.5 | AI score 6.1 | EPSS 0.00048
Exploits: 0 | References: 11

SUSE CVE
added 2023/02/15 4:16 a.m. | 1 views

SUSE CVE-2019-6501

In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations...

CVSS 5.5 | AI score 7.7 | EPSS 0.00119
Exploits: 1 | References: 3

RedHat Linux
added 2020/12/22 9:43 a.m. | 0 views

kernel: sg_write function lacks an sg_remove_request call in a certain failure case

A vulnerability was found in sg_write in drivers/scsi/sg.c in the SCSI generic (sg) driver subsystem. This flaw allows an attacker with local access and special user or root privileges to cause a denial of service if the allocated list is not cleaned with an invalid (Sg_fd * sfp) pointer at the time of...

CVSS 6.7 | AI score 6.6 | EPSS 0.00042
Exploits: 0 | References: 4

Tenable Nessus
added 2020/07/06 12:0 a.m. | 63 views

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4412-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4412-1 advisory. Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer....

CVSS 6.7 | AI score 6.8 | EPSS 0.05438
Exploits: 0 | References: 6

RedhatCVE
added 2020/05/12 2:40 p.m. | 65 views

CVE-2020-12770

A vulnerability was found in sg_write in drivers/scsi/sg.c in the SCSI generic (sg) driver subsystem. This flaw allows an attacker with local access and special user or root privileges to cause a denial of service if the allocated list is not cleaned with an invalid (Sg_fd * sfp) pointer at the time of...

CVSS 4.6 | AI score 1.5 | EPSS 0.00042
Exploits: 0 | References: 3

RedHat Linux
added 2019/08/22 9:19 a.m. | 1 views

QEMU: scsi-generic: possible OOB access while handling inquiry request

In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations...

CVSS 5.5 | AI score 7.2 | EPSS 0.00119
Exploits: 1 | References: 4

RedHat Linux
added 2019/08/09 12:49 a.m. | 2 views

QEMU: scsi-generic: possible OOB access while handling inquiry request

In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations...

CVSS 5.5 | AI score 7.2 | EPSS 0.00119
Exploits: 1 | References: 4

OSV
added 2017/10/03 12:0 a.m. | 0 views

UBUNTU-CVE-2017-14991

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0...

CVSS 5.5 | AI score 6.7 | EPSS 0.00056
Exploits: 0 | References: 6

RedHat Linux
added 2017/08/01 2:13 p.m. | 1 views

kernel: Use after free in SCSI generic device interface

It was found that the blk_rq_map_user_iov function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write...

CVSS 7.8 | AI score 6.9 | EPSS 0.00026
Exploits: 0 | References: 4

Tenable Nessus
added 2017/07/24 12:0 a.m. | 76 views

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3360-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3360-1 advisory. It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitive...

CVSS 10 | AI score 6.4 | EPSS 0.21519
Exploits: 0 | References: 16

Ubuntu
added 2015/10/01 8:49 p.m. | 89 views

USN-2759-1: Linux kernel vulnerabilities

It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-5707) Marc-André...

CVSS 4.9 | AI score 6.7 | EPSS 0.00091
Exploits: 0

Tenable Nessus
added 2015/09/30 12:0 a.m. | 38 views

Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerability (USN-2750-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2750-1 advisory. It was discovered that an integer overflow error existed in the SCSI generic sg driver in the Linux kernel. A local attacker with write permission to a SCSI gener...

CVSS 4.6 | AI score 7.2 | EPSS 0.00091
Exploits: 0 | References: 2

Ubuntu
added 2015/09/29 8:36 a.m. | 55 views

USN-2750-1: Linux kernel (Utopic HWE) vulnerability

It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges...

CVSS 4.6 | AI score 7.2 | EPSS 0.00091
Exploits: 0

OpenVAS
added 2015/09/10 12:0 a.m. | 45 views

Ubuntu: Security Advisory (USN-2737-1)

The remote host is missing an update for the...

CVSS 4.6 | AI score 6.4 | EPSS 0.00091
Exploits: 0 | References: 2

Tenable Nessus
added 2015/09/04 12:0 a.m. | 20 views

Ubuntu 14.04 LTS : Linux kernel vulnerability (USN-2734-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2734-1 advisory. It was discovered that an integer overflow error existed in the SCSI generic sg driver in the Linux kernel. A local attacker with write permission to a SCSI gener...

CVSS 4.6 | AI score 7.2 | EPSS 0.00091
Exploits: 0 | References: 2

Tenable Nessus
added 2015/09/04 12:0 a.m. | 25 views

Ubuntu 12.04 LTS : linux-lts-trusty vulnerability (USN-2733-1)

It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. Note that Tenable Network...

CVSS 4.6 | AI score 7.1 | EPSS 0.00091
Exploits: 0 | References: 2