CVE-2026-46289

The CVE pertains to the Linux kernel, specifically the kvec-to-sg extraction path in lib/scatterlist (extract_kvec_to_sg and related extract_iter_to_sg). The main issues were: (1) the length for an sglist entry when extracting from a kvec could exceed the page size, and (2) the sglist used as a s...

CVE-2026-46289 lib/scatterlist: fix length calculations in extract_kvec_to_sg

In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations in extractkvectosg Patch series "Fix bugs in extractitertosg", v3. Fix bugs in the kvec and user variants of extractitertosg. This series is growing due to useful remarks made by...

PT-2026-47361

In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations in extract kvec to sg Patch series "Fix bugs in extract iter to sg", v3. Fix bugs in the kvec and user variants of extract iter to sg. This series is growing due to useful remarks made by...

CLSA-2026-1777641037 kernel-uek: Fix of CVE-2026-31431

crypto: algifaead - Fix minimum RX size check for decryption CVE-2026-31431 - crypto: afalg - Fix page reassignment overflow in afalgpulltsgl CVE-2026-31431 - crypto: authencesn - reject too-short AAD assoclen8 to match ESP/ESN spec CVE-2026-31431 - crypto: authencesn - Fix src offset when...

Unbreakable Enterprise kernel security update: Copy Fail

5.15.0-319.201.4.4 - crypto: algifaead - Fix minimum RX size check for decryption Herbert Xu Orabug: 39291961 - crypto: afalg - Fix page reassignment overflow in afalgpulltsgl Herbert Xu Orabug: 39291961 - crypto: authencesn - Fix src offset when decrypting in-place Herbert Xu Orabug: 39291961 -...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989992)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989992 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmfsdiodsglistrw This patch fixes a...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990189)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990189 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmfsdiodsglistrw This patch fixes a...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987717)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987717 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix ib block iterator counter overflow When registering a new DMA MR after selecting t...

DEBIAN-CVE-2023-53026

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix ib block iterator counter overflow When registering a new DMA MR after selecting the best aligned page size for it, we iterate over the given sglist to split each entry to smaller, aligned to the selected page size...

wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw()

...

AZL-55238 CVE-2024-56593 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmfsdiodsglistrw This patch fixes a NULL pointer dereference bug in brcmfmac that occurs when a high 'sdsgentryalign' value applies e.g. 512 and a lot of queued SKBs a...

DEBIAN-CVE-2024-56593

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmfsdiodsglistrw This patch fixes a NULL pointer dereference bug in brcmfmac that occurs when a high 'sdsgentryalign' value applies e.g. 512 and a lot of queued SKBs a...

UBUNTU-CVE-2024-56593

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmfsdiodsglistrw This patch fixes a NULL pointer dereference bug in brcmfmac that occurs when a high 'sdsgentryalign' value applies e.g. 512 and a lot of queued SKBs a...

CVE-2024-56593 wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw()

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmfsdiodsglistrw This patch fixes a NULL pointer dereference bug in brcmfmac that occurs when a high 'sdsgentryalign' value applies e.g. 512 and a lot of queued SKBs a...

PT-2024-36900

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74 Description A NULL pointer dereference bug in the brcmfmac module occurs when a high 'sd sgentry align' value applies and a lot of queued SKBs are sent from the pkt queue. The problem is the number of...

CVE-2022-48795

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix data TLB miss in sbaunmapsg Rolf Eike Beer reported the following bug: 1274934.746891 Bad Address null pointer deref?: Code=15 Data TLB miss fault at addr 0000004140000018 1274934.746891 CPU: 3 PID: 5549 Comm: cmake N...

SUSE CVE-2016-7156

The pvscsiconvertsglist function in hw/scsi/vmwpvscsi.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and QEMU process crash by leveraging an incorrect cast...

SUSE CVE-2017-5856

Memory leak in the megasashandledcmd function in hw/scsi/megasas.c in QEMU aka Quick Emulator allows local guest OS privileged users to cause a denial of service host memory consumption via MegaRAID Firmware Interface MFI commands with the sglist size set to a value over 2 Gb...

PT-2024-10492 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15.4-gentoo-parisc64 4 Description: The vulnerability is caused by overrunning the sglist and incorrectly testing sg dma lensglist before nents. Normally, this doesn't cause a crash, but in this case, sglist...

Denial Of Service (DoS)

qemu is vulnerable to denial of service DoS. The vulnerability exists through a memory leak when the sglist size is set to a value over 2 Gb, in the megasashandledcmd function in hw/scsi/megasas.c...