CVE-2026-46105

CVE-2026-46105 affects the Linux kernel mpt3sas SCSI driver. The driver allocates a fixed 4K PRP list buffer, which caps the maximum NVMe I/O transfer size at 2 MiB. The HBA firmware reports NVMe MDTS, but the mismatch with the 2 MiB limit can lead to oversized I/O requests and potentially a kern...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fixed a use-after-free issue related to aborted SSP/STP sastask operations. Currently, a use-after-free might occur if an sastask is aborted by the upper layer before we handle the I/O completion in functions like...

Astra Linux - уязвимость в linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Fixed a UAF Use-After-Free exception during logout when accessing the shostipaddress attribute. Bug report and analysis from Ding Hui. During iSCSI session logout, if another task accesses the shostipaddress...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Do not call scsidone from srpabort After scmdehaborthandler calls the SCSI LLD ehaborthandler callback, it performs one of the following actions: Call scsiqueueinsert. Call scsifinishcommand. Call scsiehscmdadd...

CVE-2026-43414

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely fix fcport double free In qla24xxelsdcmdiocb sp-free is set to qla2x00elsdcmdspfree. When an error happens, this function is called by qla2x00sprelease, when krefput releases the first and the last...

kernel: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...

PT-2026-37615

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFS PM LVL 0. When the RPM...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex items In the function qla2xxxprocesspurlsiocb, an item is allocated via qla27xxcopymultiplepkt, which internally calls qla24xxallocpurexitem. The qla24xxallocpurexitem function may...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: pm8001: Fix for tag leaks on error In functions like pm8001chipsetdevstatereq, pm8001chipfwflashupdatereq, pm80xxchipPhyCTLreq, and pm8001chipregdevreq, missing calls to pm8001tagfree were added to free the allocated tag...

CVE-2026-23306

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free in pm8001queuecommand Commit e29c47fe8946 "scsi: pm8001: Simplify pm8001taskexec" refactors pm8001queuecommand, however it introduces a potential cause of a double free scenario when it changes th...

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

SUSE-SU-2026:0188-1 Security update for the Linux Kernel (Live Patch 31 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.124 fixes various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpifetchacpidev return value bsc1254451. - CVE-2022-50490: bpf: Propagate error from htablockbucket to...

Security update for the Linux Kernel (Live Patch 63 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.237 fixes various security issues The following security issues were fixed: CVE-2022-50233: bluetooth: device name can cause reading kernel memory by not supplying terminal \0 bsc1249242. CVE-2022-50327: ACPI: processor: idle: Check...

CVE-2023-54234 scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix missing mrioc-evtackcmds initialization Commit c1af985d27da "scsi: mpi3mr: Add Event acknowledgment logic" introduced an array mrioc-evtackcmds but initialization of the array elements was missed. They are just...

CVE-2023-54234

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix missing mrioc-evtackcmds initialization Commit c1af985d27da "scsi: mpi3mr: Add Event acknowledgment logic" introduced an array mrioc-evtackcmds but initialization of the array elements was missed. They are just...

CVE-2025-68745

CVE-2025-68745 relates to Linux kernel SCSI QLA2XXX handling. Public details describe that commits related to offline port handling and host reset handling (scsi: qla2xxx: target: Fix offline port handling and host reset handling) and a subsequent fix for missed DMA unmaps (scsi: qla2xxx: Fix mis...

CVE-2025-68741

CVE-2025-68741 (Linux kernel, QLA2XXX SCSI path) : The issue arises in qla2xxx_process_purls_iocb() where items allocated by qla27xx_copy_multiple_pkt() via qla24xx_alloc_purex_item() could be freed with kfree(), which is incorrect for pre‑allocated items and risks memory corruption. The fix is t...

EUVD-2011-0655

Malware in sbrugna...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986385)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986385 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Fix UAF during login when accessing the shost ipaddress If during...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-380019)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-380019 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: Revert scsi: fcoe: Fix potential deadlock on &fip-ctlrlock This reverts commit...