59 matches found
CVE-2021-47191 scsi: scsi_debug: Fix out-of-bound read in resp_readcap16()
In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Fix out-of-bound read in respreadcap16 The following warning was observed running syzkaller: 3813.830724 sgwrite: data in/out 65466/242 bytes for SCSI command 0x9e-- guessing data in; 3813.830724 program...
CVE-2021-47191
In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Fix out-of-bound read in respreadcap16 The following warning was observed running syzkaller: 3813.830724 sgwrite: data in/out 65466/242 bytes for SCSI command 0x9e-- guessing data in; 3813.830724 program...
CVE-2021-47191 scsi: scsi_debug: Fix out-of-bound read in resp_readcap16()
In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Fix out-of-bound read in respreadcap16 The following warning was observed running syzkaller: 3813.830724 sgwrite: data in/out 65466/242 bytes for SCSI command 0x9e-- guessing data in; 3813.830724 program...
CVE-2024-26671 blk-mq: fix IO hang from sbitmap wakeup race
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race In blkmqmarktagwait, addwaitqueue may be re-ordered with the following blkmqgetdrivertag in case of getting driver tag failure. Then in sbitmapqueuewakeup, waitqueueactive may not...
CVE-2024-26671
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race In blkmqmarktagwait, addwaitqueue may be re-ordered with the following blkmqgetdrivertag in case of getting driver tag failure. Then in sbitmapqueuewakeup, waitqueueactive may not...
CVE-2024-26671
CVE-2024-26671 describes a Linux kernel IO hang caused by blk-mq wakeup/race where __add_wait_queue() can be reordered with blk_mq_get_driver_tag() on tag failure, leading __sbitmap_queue_wake_up() to miss the waiter and not wake up, while blk_mq_mark_tag_wait() cannot obtain a driver tag. The fi...
CVE-2024-26671 blk-mq: fix IO hang from sbitmap wakeup race
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race In blkmqmarktagwait, addwaitqueue may be re-ordered with the following blkmqgetdrivertag in case of getting driver tag failure. Then in sbitmapqueuewakeup, waitqueueactive may not...
GSD-2023-1001109 scsi: scsi_debug: Fix a warning in resp_write_scat()
scsi: scsidebug: Fix a warning in respwritescat This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.86 by commit...
GSD-2021-1002768 scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
scsi: scsidebug: Sanity check block descriptor length in respmodeselect This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.11 by commit...
GSD-2021-1002766 scsi: scsi_debug: Don't call kcalloc() if size arg is zero
scsi: scsidebug: Don't call kcalloc if size arg is zero This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.11 by commit...
GSD-2021-1002764 scsi: scsi_debug: Fix type in min_t to avoid stack OOB
scsi: scsidebug: Fix type in mint to avoid stack OOB This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.11 by commit...
GSD-2021-1002715 scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
scsi: scsidebug: Sanity check block descriptor length in respmodeselect This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.88 by commit...
GSD-2021-1002714 scsi: scsi_debug: Fix type in min_t to avoid stack OOB
scsi: scsidebug: Fix type in mint to avoid stack OOB This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.88 by commit...
GSD-2021-1002712 scsi: scsi_debug: Don't call kcalloc() if size arg is zero
scsi: scsidebug: Don't call kcalloc if size arg is zero This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.88 by commit...
GSD-2021-1002683 scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
scsi: scsidebug: Sanity check block descriptor length in respmodeselect This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.168 by commit...
GSD-2021-1002640 scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
scsi: scsidebug: Sanity check block descriptor length in respmodeselect This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.259 by commit...
UVI-2021-1002336 scsi: scsi_debug: Fix out-of-bound read in resp_readcap16()
scsi: scsidebug: Fix out-of-bound read in respreadcap16 This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.5 by commit...
UVI-2021-1002291 scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()
scsi: scsidebug: Fix out-of-bound read in respreporttgtpgs This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.82 by commit...
GSD-2021-1002291 scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()
scsi: scsidebug: Fix out-of-bound read in respreporttgtpgs This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.82 by commit...