Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: mvsas: Fixed use-after-free bugs in mvsworkqueue. During the detachment of Marvell’s SAS/SATA controller, the original code calls canceldelayedwork within mvsfree to cancel the delayed work item mqw-workq. However, if...

CVE-2026-23306

A flaw was found in the Linux kernel, specifically within the pm8001 SCSI driver and the libsas library. An incorrect return value in the pm8001queuecommand function, when a physical device is down or gone, can lead to a double free vulnerability. This occurs because the function frees a Serial...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003513)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003513 advisory. Memory leak in the sassmpgetphyevents function in drivers/scsi/libsas/sasexpander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of servic...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002579)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002579 advisory. The Serial Attached SCSI SAS implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of servic...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs The driver, through the SAS transport, exposes a sysfs interface to enable/disable PHYs in a controller/expander setup. When multiple PHYs are disabled and...

CVE-2023-53627 scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Grab sasdev lock when traversing the members of sasdev.list When freeing slots in function slotcompletev3hw, it is possible that sasdev.list is being traversed elsewhere, and it may trigger a NULL pointer exception...

Linux Distros Unpatched Vulnerability : CVE-2024-26873

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Fix a deadlock issue related to automatic dump If we issue a disabling PHY...

CVE-2023-53126

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix sashba.phy memory leak in mpi3mrremove Free mrioc-sashba.phy at .remove...

CVE-2023-53124

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix NULL pointer access in mpt3sastransportportadd Port is allocated by sasportallocnum and rphy is allocated by either sasenddevicealloc or sasexpanderalloc, all of which may return NULL. So we need to check the...

SUSE CVE-2024-57804

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs The driver, through the SAS transport, exposes a sysfs interface to enable/disable PHYs in a controller/expander setup. When multiple PHYs are disabled and...

SUSE CVE-2024-56589

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Add condresched for no forced preemption model For no forced preemption model kernel, in the scenario where the expander is connected to 12 high performance SAS SSDs, the following call trace may occur: 214.409199...

UBUNTU-CVE-2024-56589

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Add condresched for no forced preemption model For no forced preemption model kernel, in the scenario where the expander is connected to 12 high performance SAS SSDs, the following call trace may occur: 214.409199...

SUSE CVE-2017-18232

The Serial Attached SCSI SAS implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service deadlock by triggering certain error-handling code...

SUSE CVE-2018-10021

drivers/scsi/libsas/sasscsihost.c in the Linux kernel before 4.16 allows local users to cause a denial of service ata qc leak by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers w...

SUSE CVE-2019-15807

In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sasexpander.c when SAS expander discovery fails. This will cause a BUG and denial of service...

USN-4163-2: Linux kernel (Xenial HWE) vulnerabilities

USN-4163-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. It was discovered that a race condition existed in the ARC EMAC ethernet driver for th...

Debian DLA-1884-1 : linux security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-18509 Denis Andzakovic reported a missing type check in the IPv4 multicast routing implementation. A user with the CAPNETADMIN capability in a...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4076-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4076-1 advisory. It was discovered that a race condition existed in the Serial Attached SCSI SAS implementation in the Linux kernel. A local attacker could possibly use...

kernel: Mishandling mutex within libsas allowing local Denial of Service

The Serial Attached SCSI SAS implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service deadlock by triggering certain error-handling code...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3696-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3696-1 advisory. It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of servic...