CVE-2026-43413

The CVE-2026-43413 entry concerns the Linux kernel HISI_SAS SCSI driver where user_scan() can trigger a NULL pointer dereference when scanning an unsupported channel (multi-channel scan path triggers for channel 1 even though hisi_sas supports only one channel). The exploit path is a NULL derefer...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix error handling of scsihostalloc After a device is initialized using deviceinitialize, or its name is set using devsetname, the device must be freed using putdevice. Otherwise, the device name will be leaked, as it...

Astra Linux – Vulnerability in Qemu

A use-after-free vulnerability was discovered in the am53c974 SCSI host bus adapter emulation in QEMU in versions prior to 6.0.0, during the handling of the ‘Information Transfer’ command CMDTI. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial ...

CVE-2026-23296

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix refcount leak for tagsetrefcnt This leak will cause a hang when tearing down the SCSI host. For example, iscsid hangs with the following call trace: 130120.652718 scsiallocsdev: Allocation failure during SCSI...

Azure Linux 3.0 Security Update: kernel (CVE-2024-46843)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46843 advisory. - In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove SCSI host only i...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001587)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001587 advisory. drivers/scsi/libsas/sasscsihost.c in the Linux kernel before 4.16 allows local users to cause a denial of service ata qc leak by triggering certain failure condition...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002759)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002759 advisory. drivers/scsi/libsas/sasscsihost.c in the Linux kernel before 4.16 allows local users to cause a denial of service ata qc leak by triggering certain failure condition...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003242)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003242 advisory. drivers/scsi/libsas/sasscsihost.c in the Linux kernel before 4.16 allows local users to cause a denial of service ata qc leak by triggering certain failure condition...

EUVD-2022-55871

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix memory leak in lpfccreateport Commit 5e633302ace1 "scsi: lpfc: vmid: Add support for VMID in mailbox command" introduced allocations for the VMID resources in lpfccreateport after the call to scsihostalloc. Upon...

CVE-2022-50827

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix memory leak in lpfccreateport Commit 5e633302ace1 "scsi: lpfc: vmid: Add support for VMID in mailbox command" introduced allocations for the VMID resources in lpfccreateport after the call to scsihostalloc. Upon...

UBUNTU-CVE-2022-50827

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix memory leak in lpfccreateport Commit 5e633302ace1 "scsi: lpfc: vmid: Add support for VMID in mailbox command" introduced allocations for the VMID resources in lpfccreateport after the call to scsihostalloc. Upon...

PT-2025-53945

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the lpfc create port function within the Linux kernel's SCSI subsystem. The issue was introduced by commit 5e633302ace1, which added support for VMID in mailbox...

AZL-72742 CVE-2025-68324 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work The delayed work item 'immtq' is initialized in immattach and scheduled via immqueuecommand for processing SCSI commands. When the IMM parallel port SCSI host...

CVE-2025-68324 scsi: imm: Fix use-after-free bug caused by unfinished delayed work

In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work The delayed work item 'immtq' is initialized in immattach and scheduled via immqueuecommand for processing SCSI commands. When the IMM parallel port SCSI host...

CVE-2025-68224

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2025-68224

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2025-68224

...

CVE-2025-68224

CVE-2025-68224 is rejected/not used as stated in the Initial Description.

CVE-2025-68224 scsi: core: Fix a regression triggered by scsi_host_busy()

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a regression triggered by scsihostbusy Commit 995412e23bb2 "blk-mq: Replace tags-lock with SRCU for tag iterators" introduced the following regression: Call trace: srcureadlock+0x30/0x80 P...

编号撤回

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the scsihostbusy trigger regression, which could lead to SRCU locking issues...