kernel: Linux kernel (qla2xxx): Double free vulnerability leads to denial of service and potential privilege escalation.

A flaw was found in the Linux kernel's qla2xxx block SCSI generic bsg interface. This vulnerability, a double free, occurs because certain vendor-specific handlers incorrectly call the bsgjobdone function on both successful and failed operation paths. A local user could exploit this to trigger...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010828)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010828 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Do not sleep in atomic context sgfinishremreq calls blkrqunmapuser. The latter function...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011268)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011268 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: storage: Fix memory leak in USB bulk transport A kernel memory leak was identified by the...

kernel: Linux kernel (qla2xxx): Double free vulnerability leads to denial of service and potential privilege escalation.

A flaw was found in the Linux kernel's qla2xxx block SCSI generic bsg interface. This vulnerability, a double free, occurs because certain vendor-specific handlers incorrectly call the bsgjobdone function on both successful and failed operation paths. A local user could exploit this to trigger...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005196)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005196 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sgrelease Fix a use-after-free bug in sgrelease, detect...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003387)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003387 advisory. The sgioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service stack-based buffer overflow or possibly...

CVE-2025-68288

In the Linux kernel, the following vulnerability has been resolved: usb: storage: Fix memory leak in USB bulk transport A kernel memory leak was identified by the 'ioctlsg01' test from Linux Test Project LTP. The following bytes were mainly observed: 0x53425355. When USB storage devices incorrect...

CVE-2025-40259

CVE-2025-40259 : In the Linux kernel, the sg (SCSI generic) driver could sleep in atomic context via sg_finish_rem_req() -> blk_rq_unmap_user(). The fix calls sg_finish_rem_req() with interrupts enabled to prevent sleeping in atomic context. Multiple advisories (Debian DLA-4436-1; Amazon Linux...

Linux Distros Unpatched Vulnerability : CVE-2017-14991

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The sgioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel...

UBUNTU-CVE-2022-50215

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed device When a SCSI device is removed while in active use, currently sg will immediately return -ENODEV on any attempt to wait for active commands that were sent before t...

kernel: scsi: sg: Fix slab-use-after-free read in sg_release()

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sgrelease Fix a use-after-free bug in sgrelease, detected by syzbot with KASAN: BUG: KASAN: slab-use-after-free in lockrelease+0x151/0xa30 kernel/locking/lockdep.c:5838...

kernel: scsi: sg: Avoid sg device teardown race

The bug is about a race condition in the Linux kernel's SCSI generic sg driver. The problem occurs during the removal of devices when the driver accesses a resource requestqueue that may have already been freed, leading to a NULL pointer dereference. This issue can result in system crashes,...

SUSE CVE-2016-9576

The blkrqmapuseriov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service use-after-free by leveraging access to a /dev/sg device...

SUSE CVE-2019-6501

In QEMU 3.1, scsihandleinquiryreply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations...

rhel and virt-devel:rhel bug fix update

An update is available for libguestfs, libnbd, libtpms, libguestfs-winsupport, nbdkit, supermin, libiscsi, hivex, libvirt, netcf, perl-Sys-Virt, seabios, qemu-kvm, swtpm, virt-v2v, sgabios, libvirt-dbus, libvirt-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS...

SUSE: Security Advisory (SUSE-SU-2016:3248-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

kernel: sg_write function lacks an sg_remove_request call in a certain failure case

A vulnerability was found in sgwrite in drivers/scsi/sg.c in the SCSI generic sg driver subsystem. This flaw allows an attacker with local access and special user or root privileges to cause a denial of service if the allocated list is not cleaned with an invalid Sgfd sfp pointer at the time of...

kernel: sg_write function lacks an sg_remove_request call in a certain failure case

A vulnerability was found in sgwrite in drivers/scsi/sg.c in the SCSI generic sg driver subsystem. This flaw allows an attacker with local access and special user or root privileges to cause a denial of service if the allocated list is not cleaned with an invalid Sgfd sfp pointer at the time of...

An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case aka CID-83c6f2390040.

...

kernel: sg_write function lacks an sg_remove_request call in a certain failure case

A vulnerability was found in sgwrite in drivers/scsi/sg.c in the SCSI generic sg driver subsystem. This flaw allows an attacker with local access and special user or root privileges to cause a denial of service if the allocated list is not cleaned with an invalid Sgfd sfp pointer at the time of...